How severe is CVE-2024-6739?

CVE-2024-6739 has a CVSS v3 score of 5.3 (MEDIUM).

CVE-2024-6739

Name: mailgates
Author: openfind

5.3MEDIUM

The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS.

게시됨: 7/15/2024업데이트됨: 11/21/2024

설명

The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS.

AI 분석AI 기반

영향받는 제품

openfindmailaudit

openfindmailgates

참조

https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdf
Exploit
https://www.twcert.org.tw/en/cp-139-7928-04e8a-2.html
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-7927-03837-1.html
Third Party Advisory
https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdf
Exploit
https://www.twcert.org.tw/en/cp-139-7928-04e8a-2.html
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-7927-03837-1.html
Third Party Advisory