Vulnerability Details CVE-2024-6741
Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 32.6%
CVSS Severity
CVSS v3 Score 5.8
References
- https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdf
- https://www.twcert.org.tw/en/cp-139-7941-b66e7-2.html
- https://www.twcert.org.tw/tw/cp-132-7940-0177a-1.html
- https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdf
- https://www.twcert.org.tw/en/cp-139-7941-b66e7-2.html
- https://www.twcert.org.tw/tw/cp-132-7940-0177a-1.html