Unrated severity · NVD Advisory · Published Jul 15, 2024 · Updated Aug 1, 2024
Openfind MailGates and MailAudit - Sensitive Cookie Without 'HttpOnly' Flag
CVE-2024-6739
Description
The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS.
References
- www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdf (mitre, vendor-advisory)
- www.twcert.org.tw/en/cp-139-7928-04e8a-2.html (mitre, third-party-advisory)
- www.twcert.org.tw/tw/cp-132-7927-03837-1.html (mitre, third-party-advisory)