Products
Mail2000
Source
twcert@cert.org.tw
Tags
CVE-2024-6741 details
Published : July 15, 2024, 9:15 a.m.
Last Modified : July 15, 2024, 1 p.m.
Last Modified : July 15, 2024, 1 p.m.
Description
Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled.
CVSS Score
| 1 | 2 | 3 | 4 | 5.8 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-693 | Protection Mechanism Failure | The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
Base Score
5.8
Exploitability Score
3.9
Impact Score
1.4
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
References
| URL | Source |
|---|---|
| https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdf | twcert@cert.org.tw |
| https://www.twcert.org.tw/en/cp-139-7941-b66e7-2.html | twcert@cert.org.tw |
| https://www.twcert.org.tw/tw/cp-132-7940-0177a-1.html | twcert@cert.org.tw |
This website uses the NVD API, but is not approved or certified by it.