Multiple directory traversal vulnerabilities in Symantec Messaging Gateway 9.5 and 9.5.1 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) logFile parameter in a logs action to brightmail/export or (2) localBackupFileSelection parameter in an APPLIANCE restoreSource action to brightmail/admin/restore/download.do.
