CVE-2024-6202 - Vulnerability Details - OpenCVE

HaloITSM versions up to 2.146.1 are affected by a SAML XML Signature Wrapping (XSW) vulnerability. When having a SAML integration configured, anonymous actors could impersonate arbitrary HaloITSM users by just knowing their email address. HaloITSM versions past 2.146.1 (and patches starting from 2.143.61 ) fix the mentioned vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00234.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Haloservicesolutions	Haloitsm

Configuration 1 [-]

OR	cpe:2.3:a:haloservicesolutions:haloitsm::::::::
	cpe:2.3:a:haloservicesolutions:haloitsm::::::::

No data.

No data.

References

Link	Providers
https://haloitsm.com/guides/article/?kbid=2154

History

Thu, 08 Aug 2024 14:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Haloservicesolutions Haloservicesolutions haloitsm
CPEs		cpe:2.3:a:haloservicesolutions:haloitsm::::::::
Vendors & Products		Haloservicesolutions Haloservicesolutions haloitsm
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`	ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 07 Aug 2024 21:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: NCSC.ch

Published: 2024-08-06T06:01:41.415Z

Updated: 2024-08-08T13:43:27.833Z

Reserved: 2024-06-20T13:13:28.976Z

Link: CVE-2024-6202

Vulnrichment

Updated: 2024-08-07T20:42:18.778Z

NVD

Status : Analyzed

Published: 2024-08-06T06:15:35.487

Modified: 2024-08-29T17:48:43.723

Link: CVE-2024-6202

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6202", "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c", "state": "PUBLISHED", "assignerShortName": "NCSC.ch", "dateReserved": "2024-06-20T13:13:28.976Z", "datePublished": "2024-08-06T06:01:41.415Z", "dateUpdated": "2024-08-08T13:43:27.833Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "HaloITSM", "vendor": "Halo Service Solutions", "versions": [{"status": "affected", "version": "< 2.146.1"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Damian Pfammatter, Cyber-Defence Campus (armasuisse)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div><div><div><div><div><div>HaloITSM versions up to 2.146.1 are affected by a SAML XML Signature Wrapping (XSW) vulnerability. When having a SAML integration configured, anonymous actors could impersonate arbitrary HaloITSM users by just knowing their email address. HaloITSM versions past 2.146.1 (and patches starting from 2.143.61 ) fix the mentioned vulnerability.</div></div></div></div></div></div>"}], "value": "HaloITSM versions up to 2.146.1 are affected by a SAML XML Signature Wrapping (XSW) vulnerability. When having a SAML integration configured, anonymous actors could impersonate arbitrary HaloITSM users by just knowing their email address. HaloITSM versions past 2.146.1 (and patches starting from 2.143.61 ) fix the mentioned vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "455daabc-a392-441d-aa46-37d35189897c", "shortName": "NCSC.ch", "dateUpdated": "2024-08-06T06:01:41.415Z"}, "references": [{"url": "https://haloitsm.com/guides/article/?kbid=2154"}], "source": {"discovery": "EXTERNAL"}, "title": "HaloITSM - SAML XML Signature Wrapping (XSW)", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "haloservicesolutions", "product": "haloitsm", "cpes": ["cpe:2.3:a:haloservicesolutions:haloitsm:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "2.143.8", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-08T13:35:04.404282Z", "id": "CVE-2024-6202", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-08T13:43:27.833Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-6202", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-08T13:35:04.404282Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:haloservicesolutions:haloitsm:*:*:*:*:*:*:*:*"], "vendor": "haloservicesolutions", "product": "haloitsm", "versions": [{"status": "affected", "version": "0", "lessThan": "2.143.8", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-07T20:42:18.778Z"}}], "cna": {"title": "HaloITSM - SAML XML Signature Wrapping (XSW)", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Damian Pfammatter, Cyber-Defence Campus (armasuisse)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Halo Service Solutions", "product": "HaloITSM", "versions": [{"status": "affected", "version": "< 2.146.1"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://haloitsm.com/guides/article/?kbid=2154"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "HaloITSM versions up to 2.146.1 are affected by a SAML XML Signature Wrapping (XSW) vulnerability. When having a SAML integration configured, anonymous actors could impersonate arbitrary HaloITSM users by just knowing their email address. HaloITSM versions past 2.146.1 (and patches starting from 2.143.61 ) fix the mentioned vulnerability.", "supportingMedia": [{"type": "text/html", "value": "<div><div><div><div><div><div>HaloITSM versions up to 2.146.1 are affected by a SAML XML Signature Wrapping (XSW) vulnerability. When having a SAML integration configured, anonymous actors could impersonate arbitrary HaloITSM users by just knowing their email address. HaloITSM versions past 2.146.1 (and patches starting from 2.143.61 ) fix the mentioned vulnerability.</div></div></div></div></div></div>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization"}]}], "providerMetadata": {"orgId": "455daabc-a392-441d-aa46-37d35189897c", "shortName": "NCSC.ch", "dateUpdated": "2024-08-06T06:01:41.415Z"}}}, "cveMetadata": {"cveId": "CVE-2024-6202", "state": "PUBLISHED", "dateUpdated": "2024-08-08T13:43:27.833Z", "dateReserved": "2024-06-20T13:13:28.976Z", "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c", "datePublished": "2024-08-06T06:01:41.415Z", "assignerShortName": "NCSC.ch"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:haloservicesolutions:haloitsm:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C394C94-9968-465E-98B9-7BC8429BAD67", "versionEndExcluding": "2.143.61", "vulnerable": true}, {"criteria": "cpe:2.3:a:haloservicesolutions:haloitsm:*:*:*:*:*:*:*:*", "matchCriteriaId": "CEBD3BDE-57DA-41C9-821A-F8C6A8864FC7", "versionEndExcluding": "2.146.1", "versionStartIncluding": "2.144", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "HaloITSM versions up to 2.146.1 are affected by a SAML XML Signature Wrapping (XSW) vulnerability. When having a SAML integration configured, anonymous actors could impersonate arbitrary HaloITSM users by just knowing their email address. HaloITSM versions past 2.146.1 (and patches starting from 2.143.61 ) fix the mentioned vulnerability."}, {"lang": "es", "value": "Las versiones de HaloITSM hasta 2.146.1 se ven afectadas por una vulnerabilidad SAML XML Signature Wrapping (XSW). Al tener configurada una integraci\u00f3n SAML, los actores an\u00f3nimos podr\u00edan hacerse pasar por usuarios arbitrarios de HaloITSM con solo conocer su direcci\u00f3n de correo electr\u00f3nico. Las versiones de HaloITSM posteriores a la 2.146.1 (y los parches a partir de la 2.143.61) corrigen la vulnerabilidad mencionada."}], "id": "CVE-2024-6202", "lastModified": "2024-08-29T17:48:43.723", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "vulnerability@ncsc.ch", "type": "Secondary"}]}, "published": "2024-08-06T06:15:35.487", "references": [{"source": "vulnerability@ncsc.ch", "tags": ["Vendor Advisory"], "url": "https://haloitsm.com/guides/article/?kbid=2154"}], "sourceIdentifier": "vulnerability@ncsc.ch", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-863"}], "source": "vulnerability@ncsc.ch", "type": "Secondary"}]}