A vulnerability has been identified in HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows. The issue is due to the 'logfile' parameter in switchFWInstallStatus.jsp not properly sanitizing user-supplied input. With a crafted HEAD request, a remote unauthenticated attacker can disclose arbitrary files with SYSTEM or root privileges.