VMware Update Manager versions 4.1 prior to update 2 suffer from a directory traversal vulnerability.
06ec687238eb262116fe18b7c8d44a43f0193289ae66d84ef77ac981152300c0
VMware Security Advisory 2011-0014 - Configuration update for VMware vSphere Update Manager's third party Jetty Web server component addresses directory traversal vulnerability.
91c0b7e3565e1628f3fb5c8f2344a768df5d11f25a8315c09eed6767c71b2bac