Halo ITSM Vulnerability Left Organizations Open to Remote Hacking

UK-based Halo recently addressed a serious vulnerability in its IT service management (ITSM) software, according to a report by Assetnote on Wednesday.

The flaw, identified as an SQL injection vulnerability, could have been exploited by unauthenticated attackers to compromise affected systems. 

According to Assetnote, approximately 1,000 cloud deployments were potentially vulnerable to remote attacks, while on-premises instances were at risk from network-based attackers. The flaw allowed threat actors to read, modify, or insert data into the ITSM software, posing a significant security risk. 

As an IT support management tool, HaloITSM is often integrated with various internal and external systems, including cloud providers. It also stores sensitive data, such as configuration files and credentials, making it an attractive target for cybercriminals. Shubham Shah, SVP of Engineering and Research at Searchlight, emphasized the severity of the issue, explaining that attackers could have used the vulnerability to compromise integrated systems, steal sensitive information, or even escalate their privileges by adding themselves as administrators. 

To address the issue, Halo has released patches in versions 2.174.94, 2.184.23 (candidate), and 2.186.2 (beta). Organizations using on-premises instances are urged to update their systems immediately to mitigate potential risks. 

While this specific SQL injection vulnerability has been patched, Assetnote’s analysis suggests that HaloITSM has a broad attack surface that is particularly susceptible to post-authentication threats. The security firm has also published technical details of the vulnerability, highlighting the importance of ongoing security monitoring for HaloITSM users.
