Описание
Kiteworks Totemomail 7.x and 8.x before 8.3.0 allows /responsiveUI/EnvelopeOpenServlet messageId directory traversal for unauthenticated file read and delete operations (with displayLoginChunkedImages) and write operations (with storeLoginChunkedImages).
EPSS
Процентиль: 81%
0.01559
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-26
Связанные уязвимости
CVSS3: 9.1
github
больше 1 года назад
Kiteworks Totemomail 7.x and 8.x before 8.3.0 allows /responsiveUI/EnvelopeOpenServlet messageId directory traversal for unauthenticated file read and delete operations (with displayLoginChunkedImages) and write operations (with storeLoginChunkedImages).
EPSS
Процентиль: 81%
0.01559
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-26