SecurityWeek

Halo ITSM Vulnerability Exposed Organizations to Remote Hacking

An unauthenticated SQL injection vulnerability in Halo ITSM could have been exploited to read, modify, or insert data.

UK-based Halo recently patched a potentially serious vulnerability in its IT service management (ITSM) software, attack surface management firm Assetnote reported on Wednesday.

According to Assetnote, HaloITSM is affected by an SQL injection vulnerability that could be exploited by an unauthenticated attacker. Roughly 1,000 cloud deployments may have been vulnerable to remote attacks, in addition to on-premises deployments exposed to network attackers. 

A threat actor could exploit the vulnerability to read, modify, or insert data in the ITSM application's database, explained Assetnote, a Searchlight Cyber company. 

“As an IT Support Management tool, Halo is often integrated with various internal and external systems and cloud providers, as well as containing sensitive information such as configuration files and credentials,” said Shubham Shah, SVP of Engineering and Research at Searchlight. 

Shah added, “This means that an attacker could have used this vulnerability to compromise any of the integrated systems, obtain sensitive data stored on the system, or even add themselves as an administrator and take over the instance.”
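The following Python/sqlite3 snippet is an added illustration of the bug class the article describes, not Halo's code and not Assetnote's write-up: two endpoints reachable before login splice user input into SQL text, which yields the "read sensitive data" and "add themselves as an administrator" outcomes Shah describes, and the same endpoints rewritten with bound parameters, which do not. Every table, column, endpoint name and payload here is constructed for the demo.

```python
import sqlite3

# Constructed schema standing in for an ITSM database; every table, column and
# value is an assumption for this demo, not Halo's schema.
SCHEMA = """
CREATE TABLE users        (id INTEGER PRIMARY KEY, name TEXT, role TEXT);
CREATE TABLE integrations (id INTEGER PRIMARY KEY, name TEXT, api_key TEXT);
CREATE TABLE tickets      (id INTEGER PRIMARY KEY, public_token TEXT, subject TEXT);
INSERT INTO users(name, role) VALUES ('alice', 'admin');
INSERT INTO integrations(name, api_key) VALUES ('cloud-provider', 'AKIA-CONSTRUCTED-0001');
INSERT INTO tickets(public_token, subject) VALUES ('tok-1', 'Printer down');
INSERT INTO tickets(public_token, subject) VALUES ('tok-2', 'VPN reset');
"""


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


# ---- vulnerable: untrusted input spliced into the SQL text -----------------
# Both functions model endpoints that need no login (a public ticket-status
# lookup and a self-service registration form), which is what makes the
# injection unauthenticated.

def ticket_lookup_vuln(conn, token):
    sql = f"SELECT id, subject FROM tickets WHERE public_token = '{token}'"
    return conn.execute(sql).fetchall()


def self_register_vuln(conn, name):
    sql = f"INSERT INTO users(name, role) VALUES ('{name}', 'user')"
    conn.execute(sql)
    conn.commit()


# ---- fixed: the same queries with bound parameters -------------------------
# The driver passes the value separately from the SQL text, so quotes and
# comment markers in the input stay data and never become syntax.

def ticket_lookup_safe(conn, token):
    sql = "SELECT id, subject FROM tickets WHERE public_token = ?"
    return conn.execute(sql, (token,)).fetchall()


def self_register_safe(conn, name):
    conn.execute("INSERT INTO users(name, role) VALUES (?, 'user')", (name,))
    conn.commit()


def admin_names(conn):
    rows = conn.execute("SELECT name FROM users WHERE role = 'admin'")
    return sorted(r[0] for r in rows)


# Constructed payloads. The first turns the two-column lookup into a UNION that
# returns integration credentials (the "read" case). The second closes the
# VALUES tuple early and comments out the hard-coded role, so the new account
# is created as an admin (the "insert / take over the instance" case).
READ_PAYLOAD = "x' UNION SELECT name, api_key FROM integrations --"
ADMIN_PAYLOAD = "mallory', 'admin') --"


def run_demo():
    """Return what each code path yields for the same two payloads."""
    vuln = make_db()
    leaked = ticket_lookup_vuln(vuln, READ_PAYLOAD)
    self_register_vuln(vuln, ADMIN_PAYLOAD)

    safe = make_db()
    safe_rows = ticket_lookup_safe(safe, READ_PAYLOAD)
    self_register_safe(safe, ADMIN_PAYLOAD)

    return {
        "vuln_leaked": leaked,             # [('cloud-provider', 'AKIA-CONSTRUCTED-0001')]
        "vuln_admins": admin_names(vuln),  # ['alice', 'mallory']
        "safe_rows": safe_rows,            # []
        "safe_admins": admin_names(safe),  # ['alice']
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Run it directly to print the four results. In the safe variant the registration still succeeds, but the attacker ends up with an ordinary user whose name is the literal payload string. sqlite3's execute() refuses stacked statements, so the admin insert here rides on the application's own INSERT; database engines and drivers that accept stacked queries additionally let an attacker append arbitrary UPDATE or DELETE statements, which is the "modify" outcome the article mentions.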

The vendor has patched the vulnerability with the release of versions 2.174.94, 2.184.23 (candidate), and 2.186.2 (beta), and on-premises instances should be updated as soon as possible.

Assetnote pointed out that while this particular vulnerability has been patched, its analysis indicates that the Halo product has a large attack surface, particularly for post-authentication attacks. 

The security firm has made available technical details for the SQL injection vulnerability found in HaloITSM. 



Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
