CVE-2016-6370 (hosted_collaboration_mediation_fulfillment)
Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote authenticated users to read arbitrary files via a crafted pathname in an HTTP request, aka Bug ID CSCuz27255.
Source: CVE-2016-6370 (hosted_collaboration_mediation_fulfillment)