CVE-2024-6739

Summary

The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS.

Affected Software

VendorProductVersion RangeStatus
OpenfindMailGatesall < V6.0 6.1.7.040affected
OpenfindMailAuditall < V6.0 6.1.7.040affected

Weaknesses

  • CWE-1004: CWE-1004 Sensitive Cookie Without 'HttpOnly' Flag

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References