CVE-2024-6741 - Protection Mechanism Failure

Severity

57%

Complexity

39%

Confidentiality

23%

Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled.

CVSS 3.1 Base Score 5.8. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N).

CVSS 3.1 Base Score 5.3. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Overview

First reported 7 months ago

2024-07-15 09:15:00

Last updated 3 months ago

2024-11-21 09:50:00

Affected Software

Openfind Mail2000 7.0

7.0

References

https://www.twcert.org.tw/tw/cp-132-7940-0177a-1.html

https://www.twcert.org.tw/en/cp-139-7941-b66e7-2.html

https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdf

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.

CVE-2024-6741 - Protection Mechanism Failure

Severity

What is severity?

Complexity

What is complexity?

Confidentiality

What is confidentiality?

Overview

First reported 7 months ago

Last updated 3 months ago

Affected Software

Openfind Mail2000 7.0

References

https://www.twcert.org.tw/tw/cp-132-7940-0177a-1.html

https://www.twcert.org.tw/en/cp-139-7941-b66e7-2.html

https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdf

https://www.twcert.org.tw/tw/cp-132-7940-0177a-1.html

https://www.twcert.org.tw/en/cp-139-7941-b66e7-2.html

https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdf

Stay updated

Get in touch