CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-6202

HaloITSM versions up to 2.146.1 are affected by a SAML XML Signature Wrapping (XSW) vulnerability. When having a SAML integration configured, anonymous actors could impersonate arbitrary HaloITSM users by just knowing their email address. HaloITSM versions past 2.146.1 (and patches starting from 2.143.61 ) fix the mentioned vulnerability.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 46.3%

CVSS Severity

CVSS v3 Score 9.8

References

https://haloitsm.com/guides/article/?kbid=2154

Products affected by CVE-2024-6202

Haloservicesolutions » Haloitsm » Version: N/A

cpe:2.3:a:haloservicesolutions:haloitsm:-
Haloservicesolutions » Haloitsm » Version: 2.143.21

cpe:2.3:a:haloservicesolutions:haloitsm:2.143.21
Haloservicesolutions » Haloitsm » Version: 2.143.8

cpe:2.3:a:haloservicesolutions:haloitsm:2.143.8
Haloservicesolutions » Haloitsm » Version: 2.144

cpe:2.3:a:haloservicesolutions:haloitsm:2.144
Haloservicesolutions » Haloitsm » Version: 2.146

cpe:2.3:a:haloservicesolutions:haloitsm:2.146

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-6202

Products

Pricing

Contact Us