{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6203", "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c", "state": "PUBLISHED", "assignerShortName": "NCSC.ch", "dateReserved": "2024-06-20T13:13:30.214Z", "datePublished": "2024-08-06T06:03:11.225Z", "dateUpdated": "2024-08-06T18:47:20.023Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "HaloITSM", "vendor": "Halo Service Solutions", "versions": [{"status": "affected", "version": "< 2.146.1"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Damian Pfammatter, Cyber-Defence Campus (armasuisse)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div><div><div><div><div><div><div><div>HaloITSM versions up to 2.146.1 are affected by a Password Reset Poisoning vulnerability. Poisoned password reset links can be sent to existing HaloITSM users (given their email address is known). When these poisoned links get accessed (e.g. manually by the victim or automatically by an email client software), the password reset token is leaked to the malicious actor, allowing them to set a new password for the victim's account.This potentially leads to account takeover attacks.HaloITSM versions past 2.146.1 (and patches starting from 2.143.61 ) fix the mentioned vulnerability.</div></div></div></div></div></div></div></div>"}], "value": "HaloITSM versions up to 2.146.1 are affected by a Password Reset Poisoning vulnerability. Poisoned password reset links can be sent to existing HaloITSM users (given their email address is known). When these poisoned links get accessed (e.g. manually by the victim or automatically by an email client software), the password reset token is leaked to the malicious actor, allowing them to set a new password for the victim's account.This potentially leads to account takeover attacks.HaloITSM versions past 2.146.1 (and patches starting from 2.143.61 ) fix the mentioned vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-640", "description": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "455daabc-a392-441d-aa46-37d35189897c", "shortName": "NCSC.ch", "dateUpdated": "2024-08-06T06:03:11.225Z"}, "references": [{"url": "https://haloitsm.com/guides/article/?kbid=2155"}], "source": {"discovery": "EXTERNAL"}, "title": "HaloITSM - Password Reset Poisoning", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "haloservicesolutions", "product": "haloitsm", "cpes": ["cpe:2.3:a:haloservicesolutions:haloitsm:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "2.146.1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-06T18:45:04.284237Z", "id": "CVE-2024-6203", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-06T18:47:20.023Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-6203", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-06T18:45:04.284237Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:haloservicesolutions:haloitsm:*:*:*:*:*:*:*:*"], "vendor": "haloservicesolutions", "product": "haloitsm", "versions": [{"status": "affected", "version": "0", "lessThan": "2.146.1", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-06T18:46:52.262Z"}}], "cna": {"title": "HaloITSM - Password Reset Poisoning", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Damian Pfammatter, Cyber-Defence Campus (armasuisse)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Halo Service Solutions", "product": "HaloITSM", "versions": [{"status": "affected", "version": "< 2.146.1"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://haloitsm.com/guides/article/?kbid=2155"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "HaloITSM versions up to 2.146.1 are affected by a Password Reset Poisoning vulnerability. Poisoned password reset links can be sent to existing HaloITSM users (given their email address is known). When these poisoned links get accessed (e.g. manually by the victim or automatically by an email client software), the password reset token is leaked to the malicious actor, allowing them to set a new password for the victim's account.This potentially leads to account takeover attacks.HaloITSM versions past 2.146.1 (and patches starting from 2.143.61 ) fix the mentioned vulnerability.", "supportingMedia": [{"type": "text/html", "value": "<div><div><div><div><div><div><div><div>HaloITSM versions up to 2.146.1 are affected by a Password Reset Poisoning vulnerability. Poisoned password reset links can be sent to existing HaloITSM users (given their email address is known). When these poisoned links get accessed (e.g. manually by the victim or automatically by an email client software), the password reset token is leaked to the malicious actor, allowing them to set a new password for the victim's account.This potentially leads to account takeover attacks.HaloITSM versions past 2.146.1 (and patches starting from 2.143.61 ) fix the mentioned vulnerability.</div></div></div></div></div></div></div></div>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-640", "description": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password"}]}], "providerMetadata": {"orgId": "455daabc-a392-441d-aa46-37d35189897c", "shortName": "NCSC.ch", "dateUpdated": "2024-08-06T06:03:11.225Z"}}}, "cveMetadata": {"cveId": "CVE-2024-6203", "state": "PUBLISHED", "dateUpdated": "2024-08-06T18:47:20.023Z", "dateReserved": "2024-06-20T13:13:30.214Z", "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c", "datePublished": "2024-08-06T06:03:11.225Z", "assignerShortName": "NCSC.ch"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:haloservicesolutions:haloitsm:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C394C94-9968-465E-98B9-7BC8429BAD67", "versionEndExcluding": "2.143.61", "vulnerable": true}, {"criteria": "cpe:2.3:a:haloservicesolutions:haloitsm:*:*:*:*:*:*:*:*", "matchCriteriaId": "CEBD3BDE-57DA-41C9-821A-F8C6A8864FC7", "versionEndExcluding": "2.146.1", "versionStartIncluding": "2.144", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "HaloITSM versions up to 2.146.1 are affected by a Password Reset Poisoning vulnerability. Poisoned password reset links can be sent to existing HaloITSM users (given their email address is known). When these poisoned links get accessed (e.g. manually by the victim or automatically by an email client software), the password reset token is leaked to the malicious actor, allowing them to set a new password for the victim's account.This potentially leads to account takeover attacks.HaloITSM versions past 2.146.1 (and patches starting from 2.143.61 ) fix the mentioned vulnerability."}, {"lang": "es", "value": "Las versiones de HaloITSM hasta 2.146.1 se ven afectadas por una vulnerabilidad de envenenamiento por restablecimiento de contrase\u00f1a. Se pueden enviar enlaces de restablecimiento de contrase\u00f1a envenenados a usuarios existentes de HaloITSM (siempre que se conozca su direcci\u00f3n de correo electr\u00f3nico). Cuando se accede a estos enlaces envenenados (por ejemplo, manualmente por parte de la v\u00edctima o autom\u00e1ticamente mediante un software de cliente de correo electr\u00f3nico), el token de restablecimiento de contrase\u00f1a se filtra al actor malintencionado, lo que le permite establecer una nueva contrase\u00f1a para la cuenta de la v\u00edctima. Esto potencialmente conduce a la apropiaci\u00f3n de la cuenta. Las versiones de attack.HaloITSM posteriores a la 2.146.1 (y los parches a partir de la 2.143.61) corrigen la vulnerabilidad mencionada."}], "id": "CVE-2024-6203", "lastModified": "2024-08-29T17:46:28.790", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.5, "source": "vulnerability@ncsc.ch", "type": "Secondary"}]}, "published": "2024-08-06T06:15:35.727", "references": [{"source": "vulnerability@ncsc.ch", "tags": ["Vendor Advisory"], "url": "https://haloitsm.com/guides/article/?kbid=2155"}], "sourceIdentifier": "vulnerability@ncsc.ch", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-640"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-640"}], "source": "vulnerability@ncsc.ch", "type": "Secondary"}]}

{}