CVE-2024-6741

Published: Jul 15, 2024Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled.

Affected (2)

Products: Openfind: Mail2000

Openfind

1 product

Mail2000

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Openfind Mail2000	Version 7.0
Openfind Mail2000	Version 8.0

Related CWEs

CWE-693

Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

References (6)

https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdf

Source: twcert@cert.org.tw

Exploit

https://www.twcert.org.tw/en/cp-139-7941-b66e7-2.html

Source: twcert@cert.org.tw

Third Party Advisory

https://www.twcert.org.tw/tw/cp-132-7940-0177a-1.html

Source: twcert@cert.org.tw

Third Party Advisory

https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://www.twcert.org.tw/en/cp-139-7941-b66e7-2.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.twcert.org.tw/tw/cp-132-7940-0177a-1.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.