CVE-2024-6202
HaloITSM - SAML XML Signature Wrapping (XSW)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
HaloITSM versions up to 2.146.1 are affected by a SAML XML Signature Wrapping (XSW) vulnerability. When having a SAML integration configured, anonymous actors could impersonate arbitrary HaloITSM users by just knowing their email address. HaloITSM versions past 2.146.1 (and patches starting from 2.143.61 ) fix the mentioned vulnerability.
Las versiones de HaloITSM hasta 2.146.1 se ven afectadas por una vulnerabilidad SAML XML Signature Wrapping (XSW). Al tener configurada una integración SAML, los actores anónimos podrían hacerse pasar por usuarios arbitrarios de HaloITSM con solo conocer su dirección de correo electrónico. Las versiones de HaloITSM posteriores a la 2.146.1 (y los parches a partir de la 2.143.61) corrigen la vulnerabilidad mencionada.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2024-06-20 CVE Reserved
- 2024-08-06 CVE Published
- 2024-08-08 CVE Updated
- 2024-08-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-863: Incorrect Authorization
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://haloitsm.com/guides/article/?kbid=2154 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Halo Service Solutions Search vendor "Halo Service Solutions" | HaloITSM Search vendor "Halo Service Solutions" for product "HaloITSM" | < 2.146.1 Search vendor "Halo Service Solutions" for product "HaloITSM" and version " < 2.146.1" | en |
Affected
| ||||||