Description

iTop is an open source web based IT Service Management tool. In affected versions an attacker can call the system setup without authentication. Given specific parameters this can lead to SSRF. This issue has been resolved in versions 2.6.5 and 2.7.5 and later

Related CPE's

a

combodo

itop

2

References

https://github.com/Combodo/iTop/commit/43daa2ef088bf928a2386fa19324628c3f19b807

PatchThird Party Advisory

https://github.com/Combodo/iTop/commit/6be9a87c150978752bc68baae1a5c4833ddadfec

PatchThird Party Advisory

https://github.com/Combodo/iTop/security/advisories/GHSA-ghqc-r8f6-q9m9

Third Party Advisory

Weaknesses

[email protected]

Primary
CWE-918

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.5 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-10-19T18:15:07.783

3 years ago

Last modified

2021-10-22T20:49:49.767

3 years ago