ГлавнаяУязвимости → CVE-2024-28064
9.8критическая

CVE-2024-28064

Описание

Kiteworks Totemomail 7.x and 8.x before 8.3.0 allows /responsiveUI/EnvelopeOpenServlet messageId directory traversal for unauthenticated file read and delete operations (with displayLoginChunkedImages) and write operations (with storeLoginChunkedImages).

CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://www.objectif-securite.ch/advisories/totemomail-path-traversal.txthttps://www.objectif-securite.ch/advisories/totemomail-path-traversal.txt