History: Jul 15, 2024 - 9:15 a.m.

CVE-2024-6741

2024-07-15 09:15:03
CWE-693
twcert
web.nvd.nist.gov

CVSS3: 5.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

AI Score: 5.7
Confidence: High

EPSS: 0.001
Percentile: 21.0%

Openfind’s Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled.

Affected configurations

Nvd

Node
openfind mail2000 Match 7.0
OR
openfind mail2000 Match 8.0

Vendor     Product    Version    CPE
openfind   mail2000   7.0        cpe:2.3:a:openfind:mail2000:7.0:*:*:*:*:*:*:*
openfind   mail2000   8.0        cpe:2.3:a:openfind:mail2000:8.0:*:*:*:*:*:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Mail2000 V7.0",
    "vendor": "Openfind",
    "versions": [
      {
        "lessThan": "Patch 131",
        "status": "affected",
        "version": "all",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Mail2000 V8.0",
    "vendor": "Openfind",
    "versions": [
      {
        "lessThan": "Patch 044",
        "status": "affected",
        "version": "all",
        "versionType": "custom"
      }
    ]
  }
]
