CVE-2021-21407
8
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
Summary
Combodo iTop is an open source, web based IT Service Management tool. Prior to version 2.7.4, the CSRF token validation can be bypassed through iTop portal via a tricky browser procedure. The vulnerability is patched in version 2.7.4 and 3.0.0.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Combodo | iTop | < 2.7.4 | affected |
Weaknesses
- CWE-352: CWE-352: Cross-Site Request Forgery (CSRF)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.