CVE-2024-6200
- EPSS 1.01%
- Veröffentlicht 06.08.2024 06:15:35
- Zuletzt bearbeitet 29.08.2024 17:53:40
HaloITSM versions up to 2.146.1 are affected by a Stored Cross-Site Scripting (XSS) vulnerability. The injected JavaScript code can execute arbitrary action on behalf of the user accessing a ticket. HaloITSM versions past 2.146.1 (and patches startin...
CVE-2024-6201
- EPSS 0.36%
- Veröffentlicht 06.08.2024 06:15:35
- Zuletzt bearbeitet 29.08.2024 17:52:07
HaloITSM versions up to 2.146.1 are affected by a Template Injection vulnerability within the engine used to generate emails. This can lead to the leakage of potentially sensitive information. HaloITSM versions past 2.146.1 (and patches starting from...
CVE-2024-6202
- EPSS 0.88%
- Veröffentlicht 06.08.2024 06:15:35
- Zuletzt bearbeitet 29.08.2024 17:48:43
HaloITSM versions up to 2.146.1 are affected by a SAML XML Signature Wrapping (XSW) vulnerability. When having a SAML integration configured, anonymous actors could impersonate arbitrary HaloITSM users by just knowing their email address. HaloITSM ve...
CVE-2024-6203
- EPSS 0.22%
- Veröffentlicht 06.08.2024 06:15:35
- Zuletzt bearbeitet 29.08.2024 17:46:28
HaloITSM versions up to 2.146.1 are affected by a Password Reset Poisoning vulnerability. Poisoned password reset links can be sent to existing HaloITSM users (given their email address is known). When these poisoned links get accessed (e.g. manually...