Mail2000 Vulnerability Allows Bypass of HttpOnly Flag
CVE-2024-6741

5.3MEDIUM

Key Information:

Vendor: Openfind
Status: Mail2000
Vendor: CVE Published:; 15 July 2024

Summary

Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled.

References

https://www.twcert.org.tw/tw/cp-132-7940-0177a-1.html

https://www.twcert.org.tw/en/cp-139-7941-b66e7-2.html

https://www.openfind.com.tw/taiwan/download/Openfind_OF-I...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 15, 2024

Collectors

NVD Database