CVE-2024-6739
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Published Jul 15, 2024
Updated: Jul 16, 2024
CWE ID 79
CWE ID 1004
Summary
CVE-2024-6739 is a vulnerability affecting MailGates and MailAudit software from Openfind. The issue lies in the lack of the HttpOnly flag for session cookies, making them susceptible to theft via Cross-Site Scripting (XSS) attacks. An attacker could inject malicious scripts into a user's browser, which, in turn, could steal the user's session cookie. This could lead to unauthorized access to the affected email accounts. Users are advised to update their MailGates and MailAudit software to a patched version as soon as possible to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Openfind Mailgates
Affected Vendors
- Openfind