CVE-2024-28064 Information
May 20, 2024
cve
Description
Kiteworks Totemomail 7.x and 8.x before 8.3.0 allows /responsiveUI/EnvelopeOpenServlet messageId directory traversal for unauthenticated file read and delete operations (with displayLoginChunkedImages) and write operations (with storeLoginChunkedImages).
Reference
https://www.objectif-securite.ch/advisories/totemomail-path-traversal.txt
Share on: