CVE-2024-6201— HaloITSM - Emailing Template Injection

HaloITSM - Emailing Template Injection

HaloITSM versions up to 2.146.1 are affected by a Template Injection vulnerability within the engine used to generate emails. This can lead to the leakage of potentially sensitive information. HaloITSM versions past 2.146.1 (and patches starting from 2.143.61 ) fix the mentioned vulnerability.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

N/A

HaloITSM 安全漏洞

HaloITSM是英国HaloITSM公司的一款符合 ITIL 的 ITSM 软件。 HaloITSM 2.146.1版本及之前版本存在安全漏洞，该漏洞源于受电子邮件生成引擎中的模板注入漏洞影响，导致潜在敏感信息的泄露。

N/A

N/A