Summary
The Brio web application interface has a directory traversal in the component 'odscgi'. An attacker may exploit this flaw to read arbitrary files on the remote host by submitting a URL like :
http://www.example.com/ods-cgi/odscgi?HTMLFile=../../../../../../etc/passwd
Solution
Check www.brio.com for updated software.