CVE-2024-6201

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Aug 6, 2024

Updated: Aug 29, 2024

Summary

CVE-2024-6201 is a Template Injection vulnerability affecting HaloITSM versions up to 2.146.1. This cybersecurity issue lies in the email generation engine, which can result in the leakage of sensitive information due to the injection of malicious code into templates. HaloITSM users running versions beyond 2.146.1 (and starting from 2.143.61) have received patches to mitigate this vulnerability. By exploiting this flaw, an attacker can potentially gain unauthorized access to confidential data. This vulnerability underscores the importance of timely software updates to protect against cyber threats.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/wkXI4O
https://www.cve.org/CVERecord?id=CVE-2024-6201
https://nvd.nist.gov/vuln/detail/CVE-2024-6201

Back to Vulnerability Database

CVE-2024-6201

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations