Lucene search

K

[email protected]CVE-2024-28064

HistoryMay 18, 2024 - 10:15 p.m.

CVE-2024-28064

2024-05-1822:15:07

[email protected]

web.nvd.nist.gov

31

kiteworks

totemomail

security vulnerability

file read

file delete

file write

directory traversal

unauthenticated access

nvd

cve-2024-28064

7.3 High

AI Score

Confidence

Low

Kiteworks Totemomail 7.x and 8.x before 8.3.0 allows /responsiveUI/EnvelopeOpenServlet messageId directory traversal for unauthenticated file read and delete operations (with displayLoginChunkedImages) and write operations (with storeLoginChunkedImages).

References

www.objectif-securite.ch/advisories/totemomail-path-traversal.txt

7.3 High

AI Score

Confidence

Low

Related for CVE-2024-28064