Cleaver

**Name of the Vulnerable Software and Affected Versions** Xymon versions prior to 4.3.12 **Description** A directory traversal issue exists in the trend-data daemon (xymond rrd) of Xymon, allowing remote attackers to delete arbitrary files by including a .. (dot dot) in the host name within a "drophost" command. **Recommendations** For versions prior to 4.3.12, update to version 4.3.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the "drophost" command to minimize the risk of exploitation.