CVE-2024-6739

Medium

The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to…

twcert·CWE-1004·Published 2024-07-15

CVSS

6.1

EPSS

0.00

KEV

Exploits

cve.orgen

175 chars

The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS.

NVDen

175 chars

The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS.

NVDes

192 chars

La cookie de sesión en MailGates y MailAudit de Openfind no tiene el indicador HttpOnly habilitado, lo que permite a atacantes remotos potencialmente robar la cookie de sesión a través de XSS.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
3.1	Primary	cve.org	5.3	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N