CVE-2021-32663

Summary

iTop is an open source web based IT Service Management tool. In affected versions an attacker can call the system setup without authentication. Given specific parameters this can lead to SSRF. This issue has been resolved in versions 2.6.5 and 2.7.5 and later

Affected Software

VendorProductVersion RangeStatus
CombodoiTop< 2.6.5affected
CombodoiTop>= 2.7.0, < 2.7.5affected

Weaknesses

  • CWE-918: CWE-918: Server-Side Request Forgery (SSRF)

ADP Enrichment

CVE Program Container

Additional References

References