This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard AutoPass License Server. Authentication is not required to exploit this vulnerability. The flaw exists within the CommunicationServlet. The specific flaw is a directory traversal vulnerability, which allows an unauthenticated user to write a file anywhere on the server. An attacker can leverage this vulnerability to execute arbitrary code in the context of the SYSTEM user.