Public CVE-2015-9254 disclosure

Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information about data, software versions, configuration, and virtual machines via a request to a Web Virtual Directory.