CVE Vulnerabilities

CVE-2024-6741

Published: Jul 15, 2024 | Modified: Jul 19, 2024
CVSS 3.x: 5.3 MEDIUM (Source: NVD)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled.

Affected Software

Name      Vendor    Start Version    End Version
Mail2000  Openfind  7.0 (including)  7.0 (including)
Mail2000  Openfind  8.0 (including)  8.0 (including)
