Hinge

**Name of the Vulnerable Software and Affected Versions** IOServer versions prior to 1.0.19.0 **Description** A directory traversal issue exists in the XML Server of IOServer. This occurs when the Root Directory pathname does not end with a backslash character, allowing remote attackers to access arbitrary files or directories by using the dot dot (..) notation in a URI. **Recommendations** For versions prior to 1.0.19.0, update to version 1.0.19.0 or later to resolve the issue. As a temporary workaround, consider ensuring that the Root Directory pathname always includes a trailing backslash character to prevent directory traversal attacks.