CVE-2024-6741 (GCVE-0-2024-6741)
Vulnerability from cvelistv5
Published
2024-07-15 08:26
Modified
2024-08-01 21:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-693 - Protection Mechanism Failure
Summary
Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Openfind | Mail2000 V7.0 |
Version: all < Patch 131 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:openfind:mail2000:7.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mail2000",
"vendor": "openfind",
"versions": [
{
"lessThan": "patch_131",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:openfind:mail2000:8.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mail2000",
"vendor": "openfind",
"versions": [
{
"lessThan": "patch_044",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6741",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-15T13:49:49.207740Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T13:54:55.487Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:41:04.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-7940-0177a-1.html"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.twcert.org.tw/en/cp-139-7941-b66e7-2.html"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mail2000 V7.0",
"vendor": "Openfind",
"versions": [
{
"lessThan": "Patch 131",
"status": "affected",
"version": "all",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Mail2000 V8.0",
"vendor": "Openfind",
"versions": [
{
"lessThan": "Patch 044",
"status": "affected",
"version": "all",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-07-15T08:22:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Openfind\u0027s Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled."
}
],
"value": "Openfind\u0027s Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled."
}
],
"impacts": [
{
"capecId": "CAPEC-31",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-31 Accessing/Intercepting/Modifying HTTP Cookies"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693 Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T08:33:27.299Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-7940-0177a-1.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/en/cp-139-7941-b66e7-2.html"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdf"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate Mail2000 V7.0 to Patch 131 or later\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate Mail2000 V8.0 to Patch 044 or later\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Update Mail2000 V7.0 to Patch 131 or later\nUpdate Mail2000 V8.0 to Patch 044 or later"
}
],
"source": {
"advisory": "TVN-202407007",
"discovery": "EXTERNAL"
},
"title": "Openfind Mail2000 - HttpOnly flag bypass",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2024-6741",
"datePublished": "2024-07-15T08:26:32.252Z",
"dateReserved": "2024-07-15T03:34:25.851Z",
"dateUpdated": "2024-08-01T21:41:04.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.twcert.org.tw/tw/cp-132-7940-0177a-1.html\", \"tags\": [\"third-party-advisory\", \"x_transferred\"]}, {\"url\": \"https://www.twcert.org.tw/en/cp-139-7941-b66e7-2.html\", \"tags\": [\"third-party-advisory\", \"x_transferred\"]}, {\"url\": \"https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdf\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T21:41:04.558Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-6741\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-15T13:49:49.207740Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:openfind:mail2000:7.0:*:*:*:*:*:*:*\"], \"vendor\": \"openfind\", \"product\": \"mail2000\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"patch_131\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:openfind:mail2000:8.0:*:*:*:*:*:*:*\"], \"vendor\": \"openfind\", \"product\": \"mail2000\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"patch_044\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-15T13:52:40.822Z\"}}], \"cna\": {\"title\": \"Openfind Mail2000 - HttpOnly flag bypass\", \"source\": {\"advisory\": \"TVN-202407007\", \"discovery\": \"EXTERNAL\"}, \"impacts\": [{\"capecId\": \"CAPEC-31\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-31 Accessing/Intercepting/Modifying HTTP Cookies\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 5.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Openfind\", \"product\": \"Mail2000 V7.0\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\", \"lessThan\": \"Patch 131\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Openfind\", \"product\": \"Mail2000 V8.0\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\", \"lessThan\": \"Patch 044\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Update Mail2000 V7.0 to Patch 131 or later\\nUpdate Mail2000 V8.0 to Patch 044 or later\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\\n\\n\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eUpdate Mail2000 V7.0 to Patch 131 or later\u003c/span\u003e\u003cbr\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eUpdate Mail2000 V8.0 to Patch 044 or later\u003c/span\u003e\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"datePublic\": \"2024-07-15T08:22:00.000Z\", \"references\": [{\"url\": \"https://www.twcert.org.tw/tw/cp-132-7940-0177a-1.html\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://www.twcert.org.tw/en/cp-139-7941-b66e7-2.html\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdf\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Openfind\u0027s Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Openfind\u0027s Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-693\", \"description\": \"CWE-693 Protection Mechanism Failure\"}]}], \"providerMetadata\": {\"orgId\": \"cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e\", \"shortName\": \"twcert\", \"dateUpdated\": \"2024-07-15T08:33:27.299Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-6741\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-01T21:41:04.558Z\", \"dateReserved\": \"2024-07-15T03:34:25.851Z\", \"assignerOrgId\": \"cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e\", \"datePublished\": \"2024-07-15T08:26:32.252Z\", \"assignerShortName\": \"twcert\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…