Session Cookie Vulnerability in MailGates
CVE-2024-6739

6.1MEDIUM

Key Information:

Vendor: Openfind
Status: Mailgates; Mailaudit
Vendor: CVE Published:; 15 July 2024

Summary

The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS.

Affected Version(s)

MailAudit all

MailGates all

References

https://www.twcert.org.tw/tw/cp-132-7927-03837-1.html

third-party-advisory

https://www.twcert.org.tw/en/cp-139-7928-04e8a-2.html

third-party-advisory

https://www.openfind.com.tw/taiwan/download/Openfind_OF-I...

vendor-advisory

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 15, 2024