Openfind Mail2000 V7.0 vulnerabilities
3 known vulnerabilities affecting openfind/mail2000_v7.0.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2024-5399P3HIGHCVSS 7.2≥ Patch 55, < Patch 1242024-05-27
CVE-2024-5399 [HIGH] CWE-78 CVE-2024-5399: Openfind Mail2000 does not properly filter parameters of specific API. Remote attackers with adminis
Openfind Mail2000 does not properly filter parameters of specific API. Remote attackers with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the remote server.
nvd
CVE-2024-6741P4MEDIUMCVSS 5.3≥ all, < Patch 1312024-07-15
CVE-2024-6741 [MEDIUM] CWE-693 CVE-2024-6741: Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticate
Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled.
nvd
CVE-2024-6740P4MEDIUMCVSS 6.1≥ all, < Patch 1312024-07-15
CVE-2024-6740 [MEDIUM] CWE-79 CVE-2024-6740: Openfind's Mail2000 does not properly validate email atachments, allowing unauthenticated remote att
Openfind's Mail2000 does not properly validate email atachments, allowing unauthenticated remote attackers to inject JavaScript code within the attachment and perform Stored Cross-site scripting attacks.
nvd