Openfind Mail2000 V8.0 vulnerabilities
4 known vulnerabilities affecting openfind/mail2000_v8.0.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2024-5400P2HIGHCVSS 8.8≥ earlier, < Patch 342024-05-27
CVE-2024-5400 [HIGH] CWE-78 CVE-2024-5400: Openfind Mail2000 does not properly filter parameters of specific CGI. Remote attackers with regular
Openfind Mail2000 does not properly filter parameters of specific CGI. Remote attackers with regular privileges can exploit this vulnerability to execute arbitrary system commands on the remote server.
nvd
CVE-2024-5399P3HIGHCVSS 7.2≥ earlier, < Patch 312024-05-27
CVE-2024-5399 [HIGH] CWE-78 CVE-2024-5399: Openfind Mail2000 does not properly filter parameters of specific API. Remote attackers with adminis
Openfind Mail2000 does not properly filter parameters of specific API. Remote attackers with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the remote server.
nvd
CVE-2024-6741P4MEDIUMCVSS 5.3≥ all, < Patch 0442024-07-15
CVE-2024-6741 [MEDIUM] CWE-693 CVE-2024-6741: Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticate
Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled.
nvd
CVE-2024-6740P4MEDIUMCVSS 6.1≥ all, < Patch 0442024-07-15
CVE-2024-6740 [MEDIUM] CWE-79 CVE-2024-6740: Openfind's Mail2000 does not properly validate email atachments, allowing unauthenticated remote att
Openfind's Mail2000 does not properly validate email atachments, allowing unauthenticated remote attackers to inject JavaScript code within the attachment and perform Stored Cross-site scripting attacks.
nvd