CVE-2024-6202

HaloITSM versions up to 2.146.1 are affected by a SAML XML Signature Wrapping (XSW) vulnerability. When having a SAML integration configured, anonymous actors could impersonate arbitrary HaloITSM users by just knowing their email address. HaloITSM versions past 2.146.1 (and patches starting from 2.143.61 ) fix the mentioned vulnerability.
References
Link Resource
https://haloitsm.com/guides/article/?kbid=2154 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:haloservicesolutions:haloitsm:*:*:*:*:*:*:*:*
cpe:2.3:a:haloservicesolutions:haloitsm:*:*:*:*:*:*:*:*

History

29 Aug 2024, 17:48

Type Values Removed Values Added
First Time Haloservicesolutions haloitsm
Haloservicesolutions
CPE cpe:2.3:a:haloservicesolutions:haloitsm:*:*:*:*:*:*:*:*
References () https://haloitsm.com/guides/article/?kbid=2154 - () https://haloitsm.com/guides/article/?kbid=2154 - Vendor Advisory

06 Aug 2024, 16:30

Type Values Removed Values Added
Summary
  • (es) Las versiones de HaloITSM hasta 2.146.1 se ven afectadas por una vulnerabilidad SAML XML Signature Wrapping (XSW). Al tener configurada una integración SAML, los actores anónimos podrían hacerse pasar por usuarios arbitrarios de HaloITSM con solo conocer su dirección de correo electrónico. Las versiones de HaloITSM posteriores a la 2.146.1 (y los parches a partir de la 2.143.61) corrigen la vulnerabilidad mencionada.

06 Aug 2024, 06:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-06 06:15

Updated : 2024-08-29 17:48


NVD link : CVE-2024-6202

Mitre link : CVE-2024-6202

CVE.ORG link : CVE-2024-6202


JSON object : View

Products Affected

haloservicesolutions

  • haloitsm
CWE
CWE-863

Incorrect Authorization