Vulnerabilities > CVE-2024-6741 - Unspecified vulnerability in Openfind Mail2000 7.0/8.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
References
- https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdf
- https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdf
- https://www.twcert.org.tw/en/cp-139-7941-b66e7-2.html
- https://www.twcert.org.tw/en/cp-139-7941-b66e7-2.html
- https://www.twcert.org.tw/tw/cp-132-7940-0177a-1.html
- https://www.twcert.org.tw/tw/cp-132-7940-0177a-1.html