Vulnerability Details CVE-2024-6739
The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 33.5%
CVSS Severity
CVSS v3 Score 5.3
References
- https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdf
- https://www.twcert.org.tw/en/cp-139-7928-04e8a-2.html
- https://www.twcert.org.tw/tw/cp-132-7927-03837-1.html
- https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdf
- https://www.twcert.org.tw/en/cp-139-7928-04e8a-2.html
- https://www.twcert.org.tw/tw/cp-132-7927-03837-1.html
Products affected by CVE-2024-6739
-
cpe:2.3:a:openfind:mailaudit:4.0
-
cpe:2.3:a:openfind:mailaudit:5.0
-
cpe:2.3:a:openfind:mailaudit:5.2.7.036
-
cpe:2.3:a:openfind:mailgates:4.0
-
cpe:2.3:a:openfind:mailgates:5.0
-
cpe:2.3:a:openfind:mailgates:5.2.7.036