An insecure direct object reference in webmail in totemo totemomail 7.0.0 allows an authenticated remote user to read and modify mail folder names of other users via enumeration.
https://www.totemo.com/en/solutions/email-encryption
https://objectif-securite.ch/2020/03/20/IDOR-totemo-mail-folder.html