CVE-2024-6741: Openfind Mail2000 - HttpOnly flag bypass
First published: Mon Jul 15 2024(Updated: )
Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled.
Credit: twcert@cert.org.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Openfind Mail2000 | =7.0 | |
| Openfind Mail2000 | =8.0 |
Remedy
Update Mail2000 V7.0 to Patch 131 or later Update Mail2000 V8.0 to Patch 044 or later
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/remedy
- agent/weakness
- agent/title
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/severity
- agent/softwarecombine
- agent/tags
- vendor/openfind
- canonical/openfind mail2000
- version/openfind mail2000/7.0
- version/openfind mail2000/8.0