CVE-2024-6201
HaloITSM - Emailing Template Injection
Severity Score
5.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
HaloITSM versions up to 2.146.1 are affected by a Template Injection vulnerability within the engine used to generate emails. This can lead to the leakage of potentially sensitive information. HaloITSM versions past 2.146.1 (and patches starting from 2.143.61 ) fix the mentioned vulnerability.
Las versiones de HaloITSM hasta la 2.146.1 se ven afectadas por una vulnerabilidad de inyección de plantilla dentro del motor utilizado para generar correos electrónicos. Esto puede provocar la filtración de información potencialmente confidencial. Las versiones de HaloITSM posteriores a la 2.146.1 (y los parches a partir de la 2.143.61) corrigen la vulnerabilidad mencionada.
*Credits:
Damian Pfammatter, Cyber-Defence Campus (armasuisse)
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-06-20 CVE Reserved
- 2024-08-06 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://haloitsm.com/guides/article/?kbid=2153 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Halo Service Solutions Search vendor "Halo Service Solutions" | HaloITSM Search vendor "Halo Service Solutions" for product "HaloITSM" | < 2.146.1 Search vendor "Halo Service Solutions" for product "HaloITSM" and version " < 2.146.1" | en |
Affected
| ||||||