Lucene search

NCSC.chCVE-2024-6200

HistoryAug 06, 2024 - 6:15 a.m.

CVE-2024-6200

2024-08-0606:15:35

CWE-79

NCSC.ch

web.nvd.nist.gov

haloitsm

cross-site scripting

xss

vulnerability

javascript

patch

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

High

EPSS

Percentile

14.7%

JSON

HaloITSM versions up to 2.146.1 are affected by a Stored Cross-Site Scripting (XSS) vulnerability. The injected JavaScript code can execute arbitrary action on behalf of the user accessing a ticket. HaloITSM versions past 2.146.1 (and patches starting from 2.143.61 ) fix the mentioned vulnerability.

Affected configurations

Nvd

Node

haloservicesolutionshaloitsmRange<2.143.61

haloservicesolutionshaloitsmRange2.144–2.146.1

VendorProductVersionCPE
haloservicesolutionshaloitsm*cpe:2.3:a:haloservicesolutions:haloitsm:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
haloservicesolutions	haloitsm	*	cpe:2.3:a:haloservicesolutions:haloitsm::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "HaloITSM",
    "vendor": "Halo Service Solutions",
    "versions": [
      {
        "status": "affected",
        "version": "< 2.146.1"
      }
    ]
  }
]

References

haloitsm.com/guides/article/?kbid=2152

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

High

EPSS

Percentile

14.7%

JSON

Related for CVE-2024-6200