CVE-2024-28064 | Kiteworks Totemomail up to 8.2.x EnvelopeOpenServlet displayLoginChunkedImages/storeLoginChunkedImages messageId path traversal
A vulnerability, which was classified as critical, has been found in Kiteworks Totemomail up to 8.2.x. Affected by this issue is the function displayLoginChunkedImages/storeLoginChunkedImages of the file /responsiveUI/EnvelopeOpenServlet. The manipulation of the argument messageId leads to path traversal.
This vulnerability is handled as CVE-2024-28064. Access to the local network is required for this attack. There is no exploit available.
It is recommended to upgrade the affected component.