CVE-2024-28064 | Kiteworks Totemomail up to 8.2.x EnvelopeOpenServlet displayLoginChunkedImages/storeLoginChunkedImages messageId path traversal

A vulnerability, which was classified as critical, has been found in Kiteworks Totemomail up to 8.2.x. Affected by this issue is the function displayLoginChunkedImages/storeLoginChunkedImages of the file /responsiveUI/EnvelopeOpenServlet. The manipulation of the argument messageId leads to path traversal.

This vulnerability is handled as CVE-2024-28064. Access to the local network is required for this attack. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-28064 | Kiteworks Totemomail up to 8.2.x EnvelopeOpenServlet displayLoginChunkedImages/storeLoginChunkedImages messageId path traversal

Post correlati

CVE-2024-2832 | Campcodes Online Shopping System 1.0 /offersmail.php email cross site scripting

CVE-2024-45460 | Manu225 Flipping Cards Plugin up to 1.30 on WordPress cross site scripting

CVE-2024-38103 | Microsoft Edge up to 126.0.2592.102 unknown vulnerability

CVE-2024-9301 | Netflix E2Nest prior #16 path traversal (nflx-2024-004)