CVE-2024-28064 | Kiteworks Totemomail up to 8.2.x EnvelopeOpenServlet displayLoginChunkedImages/storeLoginChunkedImages messageId path traversal

A vulnerability, which was classified as critical, has been found in Kiteworks Totemomail up to 8.2.x. Affected by this issue is the function displayLoginChunkedImages/storeLoginChunkedImages of the file /responsiveUI/EnvelopeOpenServlet. The manipulation of the argument messageId leads to path traversal.

This vulnerability is handled as CVE-2024-28064. Access to the local network is required for this attack. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-28064 | Kiteworks Totemomail up to 8.2.x EnvelopeOpenServlet displayLoginChunkedImages/storeLoginChunkedImages messageId path traversal

Related Posts

CVE-2024-2594 | Amssplus AMSS++ 4.31 index.php cross site scripting

CVE-2024-3300 | Dassault Systèmes DELMIA Apriso up to <=2019 SP5 .NET Object deserialization

CVE-2024-38776 | Martin Gibson WP GoToWebinar Plugin up to 15.7 on WordPress cross-site request forgery

CVE-2024-7194 | itsourcecode Society Management System 1.0 check_student.php student_id sql injection