The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: twcert
Published: 2024-07-15T03:15:03.815Z
Updated: 2024-08-01T21:41:04.608Z
Reserved: 2024-07-15T02:57:13.364Z
Link: CVE-2024-6739
Vulnrichment
Updated: 2024-08-01T21:41:04.608Z
NVD
Status : Analyzed
Published: 2024-07-15T04:15:02.073
Modified: 2024-07-16T18:02:40.327
Link: CVE-2024-6739
Redhat
No data.