Skip to main content

Haloitsm

4 CVEs product

Monthly

CVE-2024-6203 HIGH This Week

HaloITSM versions up to 2.146.1 are affected by a Password Reset Poisoning vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Haloitsm
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-6202 CRITICAL Act Now

HaloITSM versions up to 2.146.1 are affected by a SAML XML Signature Wrapping (XSW) vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Haloitsm
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-6201 MEDIUM This Month

HaloITSM versions up to 2.146.1 are affected by a Template Injection vulnerability within the engine used to generate emails. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Haloitsm
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-6200 MEDIUM This Month

HaloITSM versions up to 2.146.1 are affected by a Stored Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Haloitsm
NVD
CVSS 3.1
5.4
EPSS
0.3%
EPSS 0% CVSS 8.1
HIGH This Week

HaloITSM versions up to 2.146.1 are affected by a Password Reset Poisoning vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Haloitsm
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

HaloITSM versions up to 2.146.1 are affected by a SAML XML Signature Wrapping (XSW) vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Haloitsm
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

HaloITSM versions up to 2.146.1 are affected by a Template Injection vulnerability within the engine used to generate emails. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Haloitsm
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

HaloITSM versions up to 2.146.1 are affected by a Stored Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Haloitsm
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy