Detections
Analytics
CVE-2024-28064
critical
Description
Kiteworks Totemomail 7.x and 8.x before 8.3.0 allows /responsiveUI/EnvelopeOpenServlet messageId directory traversal for unauthenticated file read and delete operations (with displayLoginChunkedImages) and write operations (with storeLoginChunkedImages).
References
https://www.objectif-securite.ch/advisories/totemomail-path-traversal.txt