Openfinds Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled.
The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Mail2000 | Openfind | 7.0 (including) | 7.0 (including) |
Mail2000 | Openfind | 8.0 (including) | 8.0 (including) |