Haloservicesolutions Haloitsm

4 matches found

CVE
added 2024/08/06 6:15 a.m. | 34 views

CVE-2024-6202

HaloITSM versions up to 2.146.1 are affected by a SAML XML Signature Wrapping (XSW) vulnerability. When having a SAML integration configured, anonymous actors could impersonate arbitrary HaloITSM users by just knowing their email address. HaloITSM versions past 2.146.1 (and patches starting from 2....

CVSS 9.8 | AI score 9.4 | EPSS 0.00234

CVE
added 2024/08/06 6:15 a.m. | 28 views

CVE-2024-6200

HaloITSM versions up to 2.146.1 are affected by a Stored Cross-Site Scripting (XSS) vulnerability. The injected JavaScript code can execute arbitrary actions on behalf of the user accessing a ticket. HaloITSM versions past 2.146.1 (and patches starting from 2.143.61) fix the mentioned vulnerability...

CVSS 8 | AI score 6.7 | EPSS 0.00246

CVE
added 2024/08/06 6:15 a.m. | 21 views

CVE-2024-6201

HaloITSM versions up to 2.146.1 are affected by a Template Injection vulnerability within the engine used to generate emails. This can lead to the leakage of potentially sensitive information. HaloITSM versions past 2.146.1 (and patches starting from 2.143.61) fix the mentioned vulnerability.

CVSS 5.3 | AI score 5.3 | EPSS 0.00141

CVE
added 2024/08/06 6:15 a.m. | 20 views

CVE-2024-6203

HaloITSM versions up to 2.146.1 are affected by a Password Reset Poisoning vulnerability. Poisoned password reset links can be sent to existing HaloITSM users (given their email address is known). When these poisoned links get accessed (e.g. manually by the victim or automatically by an email clien...

CVSS 8.3 | AI score 8.4 | EPSS 0.00108