Vulnerabilities > CVE-2024-6741 - Unspecified vulnerability in Openfind Mail2000 7.0/8.0

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

openfind

NVD

Published: 2024-07-15

Updated: 2024-07-19

Summary

Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled.

Vulnerable Configurations

Part	Description	Count
Application	Openfind Openfind Mail2000 7.0 Openfind Mail2000 8.0	2

References

https://www.twcert.org.tw/tw/cp-132-7940-0177a-1.html
https://www.twcert.org.tw/en/cp-139-7941-b66e7-2.html
https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdf