CVE-2024-6741

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Jul 15, 2024

Updated: Jul 19, 2024

CWE ID 693

Summary

CVE-2024-6741 is a vulnerability affecting Openfind's Mail2000 software. The issue permits the HttpOnly flag, designed to secure cookies from being accessed through client-side scripts, to be bypassed. attackers can exploit this vulnerability without authentication, making it possible for them to obtain session cookies protected by the HttpOnly flag using crafted JavaScript code. This poses a significant risk for data theft and unauthorized access.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Openfind Mail2000

Affected Vendors

Openfind

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/xBaPO6
https://www.cve.org/CVERecord?id=CVE-2024-6741
https://nvd.nist.gov/vuln/detail/CVE-2024-6741

Back to Vulnerability Database