CVE-2024-28064

2024-05-1822:15:07

[email protected]

web.nvd.nist.gov

kiteworks totemomail

7.x

8.x

8.3.0

directory traversal

vulnerability

unauthenticated

file read

delete

write operations

6.8 Medium

AI Score

Confidence

Low

0 Low

EPSS

Percentile

0.0%

JSON

Kiteworks Totemomail 7.x and 8.x before 8.3.0 allows /responsiveUI/EnvelopeOpenServlet messageId directory traversal for unauthenticated file read and delete operations (with displayLoginChunkedImages) and write operations (with storeLoginChunkedImages).

References

www.objectif-securite.ch/advisories/totemomail-path-traversal.txt