Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-25849 | 1 Openfind | 2 Mailaudit, Mailgates | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
MailGates and MailAudit products contain a Command Injection flaw, which can be used to inject and execute system commands from the cgi parameter after attackers obtain the user’s access token. | |||||
CVE-2020-12782 | 1 Openfind | 2 Mailaudit, Mailgates | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Openfind MailGates contains a Command Injection flaw; when receiving email with specific strings, malicious code in the mail attachment will be triggered and gain unauthorized access to system files. | |||||
CVE-2024-6739 | 1 Openfind | 2 Mailaudit, Mailgates | 2024-10-03 | N/A | 6.1 MEDIUM |
The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS. | |||||