CVE-2024-6741 Information

Description

Openfind’s Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Reference

https://www.twcert.org.tw/tw/cp-132-7940-0177a-1.html https://www.twcert.org.tw/en/cp-139-7941-b66e7-2.html https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdf

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

NONE

Base Score

NONE

Base Severity

5.8