CVE-2024-6739
Published 2024-07-15
Priority: P4 24 | medium 6.1 | CVSS 3.1
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.45% (35.7th percentile)
The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| openfind | mailaudit | < 6.1.7.040 | 6.1.7.040 |
| openfind | mailaudit | >= all < V6.0 6.1.7.040 | V6.0 6.1.7.040 |
| openfind | mailgates | < 6.1.7.040 | 6.1.7.040 |
| openfind | mailgates | >= all < V6.0 6.1.7.040 | V6.0 6.1.7.040 |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdf
https://www.twcert.org.tw/en/cp-139-7928-04e8a-2.html
https://www.twcert.org.tw/tw/cp-132-7927-03837-1.html
2024-07-15
Published