CVE-2024-6201

HaloITSM versions up to 2.146.1 are affected by a Template Injection vulnerability within the engine used to generate emails. This can lead to the leakage of potentially sensitive information. HaloITSM versions past 2.146.1 (and patches starting from 2.143.61 ) fix the mentioned vulnerability.
References
Link Resource
https://haloitsm.com/guides/article/?kbid=2153 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:haloservicesolutions:haloitsm:*:*:*:*:*:*:*:*
cpe:2.3:a:haloservicesolutions:haloitsm:*:*:*:*:*:*:*:*

History

29 Aug 2024, 17:52

Type Values Removed Values Added
First Time Haloservicesolutions haloitsm
Haloservicesolutions
References () https://haloitsm.com/guides/article/?kbid=2153 - () https://haloitsm.com/guides/article/?kbid=2153 - Vendor Advisory
CPE cpe:2.3:a:haloservicesolutions:haloitsm:*:*:*:*:*:*:*:*
CWE NVD-CWE-Other

06 Aug 2024, 16:30

Type Values Removed Values Added
Summary
  • (es) Las versiones de HaloITSM hasta la 2.146.1 se ven afectadas por una vulnerabilidad de inyección de plantilla dentro del motor utilizado para generar correos electrónicos. Esto puede provocar la filtración de información potencialmente confidencial. Las versiones de HaloITSM posteriores a la 2.146.1 (y los parches a partir de la 2.143.61) corrigen la vulnerabilidad mencionada.

06 Aug 2024, 06:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-06 06:15

Updated : 2024-08-29 17:52


NVD link : CVE-2024-6201

Mitre link : CVE-2024-6201

CVE.ORG link : CVE-2024-6201


JSON object : View

Products Affected

haloservicesolutions

  • haloitsm