CRITICAL🇵🇱 Wersja polska

CVE-2024-28064

CVSS 9.8v3.1pub. 2024-05-18upd. 2026-04-15

Kiteworks Totemomail 7.x and 8.x before 8.3.0 allows /responsiveUI/EnvelopeOpenServlet messageId directory traversal for unauthenticated file read and delete operations (with displayLoginChunkedImages) and write operations (with storeLoginChunkedImages).

🤖 AI Analysis
How it works

The Totemomail application exposes an endpoint /responsiveUI/EnvelopeOpenServlet that accepts a messageId parameter without proper path validation and sanitization. An attacker can pass a specially crafted parameter value containing path traversal sequences (e.g., '../') to escape the allowed directory. Through the displayLoginChunkedImages operation, unauthorized file read and delete operations are possible, while the storeLoginChunkedImages operation enables unauthorized writing of arbitrary files to the system.

Impact

An unauthenticated attacker can read sensitive files from the server operating system, write arbitrary files (which may lead to server takeover, e.g., through webshell upload), and permanently delete files, causing service unavailability or data loss.

Mitigation & patch

Kiteworks Totemomail must be immediately updated to version 8.3.0 or later. Until the patch is deployed, it is recommended to restrict network access to the vulnerable endpoint /responsiveUI/EnvelopeOpenServlet at the firewall or reverse proxy level.

Who is affected

Kiteworks Totemomail versions 7.x and 8.x prior to version 8.3.0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Path Traversal
CWE
References