Summary: UK-based Halo recently addressed a significant SQL injection vulnerability in its IT service management software, HaloITSM, which could have allowed unauthorized access to sensitive data. Approximately 1,000 cloud deployments were potentially at risk, exposing critical systems to remote attacks. The vendor has released patches to mitigate the threat and advises on-premises users to update promptly.
Affected: HaloITSM Software
Keypoints:
- SQL injection vulnerability could be exploited by unauthenticated attackers.
- Attackers could read, modify, or inject data, risking system integrity and confidentiality.
- New versions 2.174.94, 2.184.23, and 2.186.2 released to patch the vulnerability.
- Large attack surface identified, requiring continued vigilance against potential post-authentication attacks.
Source: https://www.securityweek.com/halo-itsm-vulnerability-exposed-organizations-to-remote-hacking/