Mail2000 Vulnerability Allows Bypass of HttpOnly Flag
CVE-2024-6741

5.3MEDIUM

Key Information:

Vendor: Openfind
Status: Mail2000
Vendor: CVE Published:; 15 July 2024

What is CVE-2024-6741?

Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled.

References

https://www.twcert.org.tw/tw/cp-132-7940-0177a-1.html

https://www.twcert.org.tw/en/cp-139-7941-b66e7-2.html

https://www.openfind.com.tw/taiwan/download/Openfind_OF-I...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 15, 2024