HaloITSM Vulnerability Affects Email Generation
CVE-2024-6201

5.3MEDIUM

Key Information:

Vendor: Halo Service Solutions
Status: Haloitsm
Vendor: CVE Published:; 6 August 2024

Summary

HaloITSM versions up to 2.146.1 are affected by a Template Injection vulnerability within the engine used to generate emails. This can lead to the leakage of potentially sensitive information. HaloITSM versions past 2.146.1 (and patches starting from 2.143.61 ) fix the mentioned vulnerability.

Affected Version(s)

HaloITSM < 2.146.1

References

https://haloitsm.com/guides/article/?kbid=2153

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 6, 2024
Vulnerability Reserved
Jun 20, 2024

Collectors

NVD DatabaseMitre Database

Credit

Damian Pfammatter, Cyber-Defence Campus (armasuisse)