Security Advisory

CVE-2024-6202

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-08-06 06:01:41

Last updated 2024-08-08 13:43:27

Assigner NCSC.ch

State PUBLISHED

Description

HaloITSM versions up to 2.146.1 are affected by a SAML XML Signature Wrapping (XSW) vulnerability. When having a SAML integration configured, anonymous actors could impersonate arbitrary HaloITSM users by just knowing their email address. HaloITSM versions past 2.146.1 (and patches starting from 2.143.61 ) fix the mentioned vulnerability.

← Browse all CVEs View on cve.org ↗