CVE-2024-6739

The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS.

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdf	Exploit
https://www.twcert.org.tw/en/cp-139-7928-04e8a-2.html	Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-7927-03837-1.html	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:openfind:mailaudit::::::::
	cpe:2.3:a:openfind:mailgates::::::::

History

No history.

Information

Published : 2024-07-15 04:15

Updated : 2024-07-16 18:02

NVD link : CVE-2024-6739

Mitre link : CVE-2024-6739

CVE.ORG link : CVE-2024-6739

JSON object : View

Products Affected

openfind

mailgates
mailaudit

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-1004

Sensitive Cookie Without 'HttpOnly' Flag

{"id": "CVE-2024-6739", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "twcert@cert.org.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-07-15T04:15:02.073", "references": [{"url": "https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdf", "tags": ["Exploit"], "source": "twcert@cert.org.tw"}, {"url": "https://www.twcert.org.tw/en/cp-139-7928-04e8a-2.html", "tags": ["Third Party Advisory"], "source": "twcert@cert.org.tw"}, {"url": "https://www.twcert.org.tw/tw/cp-132-7927-03837-1.html", "tags": ["Third Party Advisory"], "source": "twcert@cert.org.tw"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Secondary", "source": "twcert@cert.org.tw", "description": [{"lang": "en", "value": "CWE-1004"}]}], "descriptions": [{"lang": "en", "value": "The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS."}, {"lang": "es", "value": "La cookie de sesi\u00f3n en MailGates y MailAudit de Openfind no tiene el indicador HttpOnly habilitado, lo que permite a atacantes remotos potencialmente robar la cookie de sesi\u00f3n a trav\u00e9s de XSS."}], "lastModified": "2024-07-16T18:02:40.327", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openfind:mailaudit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD9F67A2-3B7D-4883-8EC0-6B8473D9D621", "versionEndExcluding": "6.1.7.040"}, {"criteria": "cpe:2.3:a:openfind:mailgates:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD67B0A9-415B-4005-9FE5-21FDC1A12619", "versionEndExcluding": "6.1.7.040"}], "operator": "OR"}]}], "sourceIdentifier": "twcert@cert.org.tw"}