{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-28T14:19:25.017","vulnerabilities":[{"cve":{"id":"CVE-2024-6201","sourceIdentifier":"vulnerability@ncsc.ch","published":"2024-08-06T06:15:35.283","lastModified":"2024-08-29T17:52:07.493","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"HaloITSM versions up to 2.146.1 are affected by a Template Injection vulnerability within the engine used to generate emails. This can lead to the leakage of potentially sensitive information. HaloITSM versions past 2.146.1 (and patches starting from 2.143.61 ) fix the mentioned vulnerability."},{"lang":"es","value":"Las versiones de HaloITSM hasta la 2.146.1 se ven afectadas por una vulnerabilidad de inyección de plantilla dentro del motor utilizado para generar correos electrónicos. Esto puede provocar la filtración de información potencialmente confidencial. Las versiones de HaloITSM posteriores a la 2.146.1 (y los parches a partir de la 2.143.61) corrigen la vulnerabilidad mencionada."}],"metrics":{"cvssMetricV31":[{"source":"vulnerability@ncsc.ch","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:haloservicesolutions:haloitsm:*:*:*:*:*:*:*:*","versionEndExcluding":"2.143.21","matchCriteriaId":"A015991C-B19E-4216-9EDA-565C39027C93"},{"vulnerable":true,"criteria":"cpe:2.3:a:haloservicesolutions:haloitsm:*:*:*:*:*:*:*:*","versionStartIncluding":"2.144","versionEndExcluding":"2.146.1","matchCriteriaId":"CEBD3BDE-57DA-41C9-821A-F8C6A8864FC7"}]}]}],"references":[{"url":"https://haloitsm.com/guides/article/?kbid=2153","source":"vulnerability@ncsc.ch","tags":["Vendor Advisory"]}]}}]}