CVE-2024-6741
5.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Summary
Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Openfind | Mail2000 V7.0 | all < Patch 131 | affected |
| Openfind | Mail2000 V8.0 | all < Patch 044 | affected |
Weaknesses
- CWE-693: CWE-693 Protection Mechanism Failure
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
CVE Program Container
Additional References
- https://www.twcert.org.tw/tw/cp-132-7940-0177a-1.html
- https://www.twcert.org.tw/en/cp-139-7941-b66e7-2.html
- https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdf
References
- https://www.twcert.org.tw/tw/cp-132-7940-0177a-1.html
- https://www.twcert.org.tw/en/cp-139-7941-b66e7-2.html
- https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdf
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.