Haloservicesolutions Haloitsm — known CVE vulnerabilities
Every CVE whose affected-product data names Haloservicesolutions Haloitsm, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2024-6202 — CVSS 9.8 (critical): HaloITSM versions up to 2.146.1 are affected by a SAML XML Signature Wrapping (XSW) vulnerability. When having a SAML integration…
CVE-2024-6203 — CVSS 8.3 (high): HaloITSM versions up to 2.146.1 are affected by a Password Reset Poisoning vulnerability. Poisoned password reset links can be sent to…
CVE-2024-6200 — CVSS 8.0 (high): HaloITSM versions up to 2.146.1 are affected by a Stored Cross-Site Scripting (XSS) vulnerability. The injected JavaScript code can execute…
CVE-2024-6201 — CVSS 5.3 (medium): HaloITSM versions up to 2.146.1 are affected by a Template Injection vulnerability within the engine used to generate emails. This can lead…