This vulnerability allows remote attackers to retrieve arbitrary files on systems with vulnerable installations of EMC Control Center. Authentication is not required to exploit this vulnerability.
The specific flaw exists in the Master Agent service (msragent.exe) which listens by default on TCP port 10444. While processing SST_SENDFILE requests the service does not validate the requestor allowing any remote attacker to download arbitrary files.
Customers should upgrade to version 6.1 which contains the fix.