← voltar
CVE-2024-6741

Openfind Mail2000 - HttpOnly flag bypass

CVSS 5.8 MEDIUMEPSS 0.6%CWE-693
Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Produtos afetados
Openfind · Mail2000 V7.0Openfind · Mail2000 V8.0

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdfhttps://www.twcert.org.tw/en/cp-139-7941-b66e7-2.htmlhttps://www.twcert.org.tw/tw/cp-132-7940-0177a-1.html