CVE Vulnerabilities

CVE-2024-6741

Protection Mechanism Failure

Published: Jul 15, 2024 | Modified: Nov 21, 2024
CVSS 3.x: 5.3 MEDIUM (Source: NVD)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Openfind Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie even though the HttpOnly flag is enabled on it.

Weakness 

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

Affected Software 

| Name | Vendor | Start Version | End Version |
|------|--------|---------------|-------------|
| Mail2000 | Openfind | 7.0 (including) | 7.0 (including) |
| Mail2000 | Openfind | 8.0 (including) | 8.0 (including) |
