Ddivulnalert

**Name of the Vulnerable Software and Affected Versions** Alcatel-Lucent OmniVista 4760 versions R5.1.06.03 and earlier **Description** A directory traversal issue in the NMS server allows remote attackers to read arbitrary files via directory traversal sequences in HTTP GET requests, related to the `lang` variable. **Recommendations** For versions R5.1.06.03 and earlier, consider restricting access to the NMS server until a fix is available. As a temporary workaround, avoid using the `lang` variable in HTTP GET requests to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.