CVE-2024-6739 (GCVE-0-2024-6739)
Vulnerability from cvelistv5 – Published: 2024-07-15 03:15 – Updated: 2024-08-01 21:41
Title
Openfind MailGates and MailAudit - Sensitive Cookie Without 'HttpOnly' Flag
Summary
The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS.
Severity
5.3 (Medium)
CWE
- CWE-1004 - Sensitive Cookie Without 'HttpOnly' Flag
Assigner
References
| URL | Tags |
|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6739",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-24T19:15:56.789929Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-24T19:16:09.944Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:41:04.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-7927-03837-1.html"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.twcert.org.tw/en/cp-139-7928-04e8a-2.html"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MailGates",
"vendor": "Openfind",
"versions": [
{
"lessThan": "V6.0 6.1.7.040",
"status": "affected",
"version": "all",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MailAudit",
"vendor": "Openfind",
"versions": [
{
"lessThan": "V6.0 6.1.7.040",
"status": "affected",
"version": "all",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-07-15T03:08:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS."
}
],
"value": "The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS."
}
],
"impacts": [
{
"capecId": "CAPEC-31",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-31 Accessing/Intercepting/Modifying HTTP Cookies"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1004",
"description": "CWE-1004 Sensitive Cookie Without \u0027HttpOnly\u0027 Flag",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T03:17:02.773Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-7927-03837-1.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/en/cp-139-7928-04e8a-2.html"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdf"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update MailGates V6.0 to version 6.1.7.040 or later.\u003cbr\u003eUpdate MailAudit V6.0 to version 6.1.7.040 or later.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Update MailGates V6.0 to version 6.1.7.040 or later.\nUpdate MailAudit V6.0 to version 6.1.7.040 or later."
}
],
"source": {
"advisory": "TVN-202407005",
"discovery": "EXTERNAL"
},
"title": "Openfind MailGates and MailAudit - Sensitive Cookie Without \u0027HttpOnly\u0027 Flag",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2024-6739",
"datePublished": "2024-07-15T03:15:03.815Z",
"dateReserved": "2024-07-15T02:57:13.364Z",
"dateUpdated": "2024-08-01T21:41:04.608Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-6739\",\"sourceIdentifier\":\"twcert@cert.org.tw\",\"published\":\"2024-07-15T04:15:02.073\",\"lastModified\":\"2024-11-21T09:50:13.223\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS.\"},{\"lang\":\"es\",\"value\":\"La cookie de sesi\u00f3n en MailGates y MailAudit de Openfind no tiene el indicador HttpOnly habilitado, lo que permite a atacantes remotos potencialmente robar la cookie de sesi\u00f3n a trav\u00e9s de XSS.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"twcert@cert.org.tw\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"twcert@cert.org.tw\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1004\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-732\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate
\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openfind:mailaudit:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.1.7.040\",\"matchCriteriaId\":\"AD9F67A2-3B7D-4883-8EC0-6B8473D9D621\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openfind:mailgates:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.1.7.040\",\"matchCriteriaId\":\"AD67B0A9-415B-4005-9FE5-21FDC1A12619\"}]}]}],\"references\":[{\"url\":\"https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdf\",\"source\":\"twcert@cert.org.tw\",\"tags\":[\"Exploit\"]},{\"url\":\"https://www.twcert.org.tw/en/cp-139-7928-04e8a-2.html\",\"source\":\"twcert@cert.org.tw\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.twcert.org.tw/tw/cp-132-7927-03837-1.html\",\"source\":\"twcert@cert.org.tw\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"https://www.twcert.org.tw/en/cp-139-7928-04e8a-2.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.twcert.org.tw/tw/cp-132-7927-03837-1.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.twcert.org.tw/tw/cp-132-7927-03837-1.html\", \"tags\": [\"third-party-advisory\", \"x_transferred\"]}, {\"url\": \"https://www.twcert.org.tw/en/cp-139-7928-04e8a-2.html\", \"tags\": [\"third-party-advisory\", \"x_transferred\"]}, {\"url\": \"https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdf\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T21:41:04.608Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-6739\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-24T19:15:56.789929Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-24T19:16:04.544Z\"}}], \"cna\": {\"title\": \"Openfind MailGates and MailAudit - Sensitive Cookie Without \u0027HttpOnly\u0027 Flag\", \"source\": {\"advisory\": \"TVN-202407005\", \"discovery\": \"EXTERNAL\"}, \"impacts\": [{\"capecId\": \"CAPEC-31\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-31 Accessing/Intercepting/Modifying HTTP Cookies\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": 
[{\"vendor\": \"Openfind\", \"product\": \"MailGates\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\", \"lessThan\": \"V6.0 6.1.7.040\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Openfind\", \"product\": \"MailAudit\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\", \"lessThan\": \"V6.0 6.1.7.040\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Update MailGates V6.0 to version 6.1.7.040 or later.\\nUpdate MailAudit V6.0 to version 6.1.7.040 or later.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Update MailGates V6.0 to version 6.1.7.040 or later.\u003cbr\u003eUpdate MailAudit V6.0 to version 6.1.7.040 or later.\u003cbr\u003e\u003cbr\u003e\", \"base64\": false}]}], \"datePublic\": \"2024-07-15T03:08:00.000Z\", \"references\": [{\"url\": \"https://www.twcert.org.tw/tw/cp-132-7927-03837-1.html\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://www.twcert.org.tw/en/cp-139-7928-04e8a-2.html\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdf\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1004\", \"description\": \"CWE-1004 Sensitive Cookie Without \u0027HttpOnly\u0027 Flag\"}]}], \"providerMetadata\": 
{\"orgId\": \"cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e\", \"shortName\": \"twcert\", \"dateUpdated\": \"2024-07-15T03:17:02.773Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-6739\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-01T21:41:04.608Z\", \"dateReserved\": \"2024-07-15T02:57:13.364Z\", \"assignerOrgId\": \"cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e\", \"datePublished\": \"2024-07-15T03:15:03.815Z\", \"assignerShortName\": \"twcert\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.