HaloITSM versions up to 2.146.1 are affected by a SAML XML Signature Wrapping (XSW) vulnerability. When having a SAML integration configured, anonymous actors could impersonate arbitrary HaloITSM users by just knowing their email address. HaloITSM versions past 2.146.1 (and patches starting from 2.143.61 ) fix the mentioned vulnerability.
References
Link | Resource |
---|---|
https://haloitsm.com/guides/article/?kbid=2154 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
29 Aug 2024, 17:48
Type | Values Removed | Values Added |
---|---|---|
First Time |
Haloservicesolutions haloitsm
Haloservicesolutions |
|
CPE | cpe:2.3:a:haloservicesolutions:haloitsm:*:*:*:*:*:*:*:* | |
References | () https://haloitsm.com/guides/article/?kbid=2154 - Vendor Advisory |
06 Aug 2024, 16:30
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
06 Aug 2024, 06:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-06 06:15
Updated : 2024-08-29 17:48
NVD link : CVE-2024-6202
Mitre link : CVE-2024-6202
CVE.ORG link : CVE-2024-6202
JSON object : View
Products Affected
haloservicesolutions
- haloitsm
CWE
CWE-863
Incorrect Authorization