5.4 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
35.5%
An insecure direct object reference in webmail in totemo totemomail 7.0.0 allows an authenticated remote user to read and modify mail folder names of other users via enumeration.
objectif-securite.ch/2020/03/20/IDOR-totemo-mail-folder.html
www.totemo.com/en/solutions/email-encryption