Kiteworks Totemomail 7.x and 8.x before 8.3.0 allows /responsiveUI/EnvelopeOpenServlet messageId directory traversal for unauthenticated file read and delete operations (with displayLoginChunkedImages) and write operations (with storeLoginChunkedImages).
References
Configurations
No configuration.
History
06 Sep 2024, 18:35
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
01 Aug 2024, 13:48
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.1 |
CWE | CWE-26 |
18 May 2024, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-05-18 22:15
Updated : 2024-09-06 18:35
NVD link : CVE-2024-28064
Mitre link : CVE-2024-28064
CVE.ORG link : CVE-2024-28064
JSON object : View
Products Affected
No product.
CWE
CWE-26
Path Traversal: '/dir/../filename'