Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-6739 | 1 Openfind | 2 Mailaudit, Mailgates | 2024-07-16 | N/A | 6.1 MEDIUM |
| The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS. | |||||
| CVE-2020-25849 | 1 Openfind | 2 Mailaudit, Mailgates | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| MailGates and MailAudit products contain Command Injection flaw, which can be used to inject and execute system commands from the cgi parameter after attackers obtain the user’s access token. | |||||
| CVE-2020-12782 | 1 Openfind | 2 Mailaudit, Mailgates | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Openfind MailGates contains a Command Injection flaw, when receiving email with specific strings, malicious code in the mail attachment will be triggered and gain unauthorized access to system files. | |||||