This page lists publicly disclosed CVE vulnerabilities affecting openfind mailaudit (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-6739 | The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS. | [email protected] | 5.3 | 0.09% | 2024-07-15 | 2024-11-21 |
| CVE-2020-25849 | MailGates and MailAudit products contain Command Injection flaw, which can be used to inject and execute system commands from the cgi parameter after attackers obtain the user’s access token. | [email protected] | 8.8 | 2.99% | 2020-11-01 | 2024-11-21 |
| CVE-2020-12782 | Openfind MailGates contains a Command Injection flaw, when receiving email with specific strings, malicious code in the mail attachment will be triggered and gain unauthorized access to system files. | [email protected] | 9.8 | 6.89% | 2020-06-23 | 2024-11-21 |