CVE-2024-28064

Published: 2024-05-18T22:15Z

Last Modified: 2024-11-21T09:05Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

Kiteworks Totemomail 7.x and 8.x before 8.3.0 allows /responsiveUI/EnvelopeOpenServlet messageId directory traversal for unauthenticated file read and delete operations (with displayLoginChunkedImages) and write operations (with storeLoginChunkedImages). > MITRE Terms of Use apply – see LICENSE‑MITRE.txt