CVE-2024-6741

Summary

Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled.

Affected Software

VendorProductVersion RangeStatus
OpenfindMail2000 V7.0all < Patch 131affected
OpenfindMail2000 V8.0all < Patch 044affected

Weaknesses

  • CWE-693: CWE-693 Protection Mechanism Failure

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References