Description

iTop is an open source web based IT Service Management tool. In affected versions an attacker can call the system setup without authentication. Given specific parameters this can lead to SSRF. This issue has been resolved in versions 2.6.5 and 2.7.5 and later

Related CPE's

a

combodo

itop

2

References

https://github.com/Combodo/iTop/commit/43daa2ef088bf928a2386fa19324628c3f19b807

PatchThird Party Advisory

https://github.com/Combodo/iTop/commit/6be9a87c150978752bc68baae1a5c4833ddadfec

PatchThird Party Advisory

https://github.com/Combodo/iTop/security/advisories/GHSA-ghqc-r8f6-q9m9

Third Party Advisory

https://github.com/Combodo/iTop/commit/43daa2ef088bf928a2386fa19324628c3f19b807

PatchThird Party Advisory

https://github.com/Combodo/iTop/commit/6be9a87c150978752bc68baae1a5c4833ddadfec

PatchThird Party Advisory

https://github.com/Combodo/iTop/security/advisories/GHSA-ghqc-r8f6-q9m9

Third Party Advisory

Weaknesses

[email protected]

Secondary
CWE-918

CVSS impact metrics

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

8.7 · High

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-10-19T16:15:07.783Z

4 years ago

Last modified

2024-11-21T05:07:29.093Z

1 year ago