CVE-2024-6741

medium

Description

Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled.

References

https://www.twcert.org.tw/tw/cp-132-7940-0177a-1.html

https://www.twcert.org.tw/en/cp-139-7941-b66e7-2.html

https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdf

Details

Source: Mitre, NVD

Published: 2024-07-15

Updated: 2024-07-15

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N