CVE-2024-6741

Openfind Mail2000 - HttpOnly flag bypass

CVSS 5.8 MEDIUMEPSS 0.6%CWE-693

Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Productos afectados

Openfind · Mail2000 V7.0 Openfind · Mail2000 V8.0

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdf https://www.twcert.org.tw/en/cp-139-7941-b66e7-2.html https://www.twcert.org.tw/tw/cp-132-7940-0177a-1.html