IBM Rational AppScan Enterprise prior to 5.5 FP1 allows remote malicious users to read arbitrary exported reports by "forcefully browsing."
ibm rational appscan