TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

Openfind MailGates and MailAudit - Sensitive Cookie Without 'HttpOnly' Flag

TVN ID: TVN-202407005
CVE ID: CVE-2024-6739
CVSS: 5.3 (Medium)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products:
  MailGates before version V6.0 6.1.7.040
  MailAudit before version V6.0 6.1.7.040
Description: The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS.
Solution:
  Update MailGates V6.0 to version 6.1.7.040 or later.
  Update MailAudit V6.0 to version 6.1.7.040 or later.
Credit: 周詳 (Ministry of Digital Affairs)
Public Date: 2024-07-15
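As an added example (not Openfind's code nor part of this advisory), the kind of check a defender would run to confirm the fix: parse the Set-Cookie headers a server returns and report which session cookies are missing HttpOnly (Secure and SameSite are reported too, since they are checked the same way). The cookie name SESSIONID and the two sample responses are constructed, because the advisory does not give the real cookie name.

```python
def parse_set_cookie(header):
    """Split one Set-Cookie header value into (cookie name, attribute dict).

    Attribute names are lower-cased because they are case-insensitive on the
    wire ("HttpOnly", "httponly" and "HTTPONLY" all mean the same thing).
    Flag attributes without a value (HttpOnly, Secure) are stored as True.
    """
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if "=" in part:
            key, value = part.split("=", 1)
            attrs[key.strip().lower()] = value.strip()
        else:
            attrs[part.lower()] = True
    return name, attrs


def audit_session_cookies(set_cookie_headers, session_cookie_names):
    """Return {cookie name: [missing attributes]} for each session cookie seen.

    An empty list means the cookie carries HttpOnly, Secure and SameSite.
    Cookies not named in session_cookie_names (e.g. a language preference)
    are ignored, since the advisory concerns the session cookie only.
    """
    findings = {}
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        if name not in session_cookie_names:
            continue
        missing = []
        if "httponly" not in attrs:
            missing.append("HttpOnly")
        if "secure" not in attrs:
            missing.append("Secure")
        if "samesite" not in attrs:
            missing.append("SameSite")
        findings[name] = missing
    return findings


# Constructed sample responses (not captured from the product): the first
# matches the advisory's description, the second is what a fixed build should
# send. The cookie name SESSIONID is a placeholder.
VULNERABLE_RESPONSE = ["SESSIONID=abc123; Path=/", "lang=en; Path=/"]
FIXED_RESPONSE = ["SESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"]

if __name__ == "__main__":
    print(audit_session_cookies(VULNERABLE_RESPONSE, {"SESSIONID"}))
    print(audit_session_cookies(FIXED_RESPONSE, {"SESSIONID"}))
```

Against a live host, feed the function every Set-Cookie header of the login response (e.g. `response.headers.get_all("Set-Cookie")` from `http.client`) with the real session cookie name.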