Unrated severityNVD Advisory· Published Jul 15, 2024· Updated Aug 1, 2024

Openfind Mail2000 - HttpOnly flag bypass

CVE-2024-6741

Description

Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled.

Affected products

Openfind/Mail2000llm-create3 versions
(expand)+ 2 more
- (no CPE)
- (no CPE)range: all
- (no CPE)range: all

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdfmitrevendor-advisory
www.twcert.org.tw/en/cp-139-7941-b66e7-2.htmlmitrethird-party-advisory
www.twcert.org.tw/tw/cp-132-7940-0177a-1.htmlmitrethird-party-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000