CVE-2021-32663
8.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Summary
iTop is an open source web based IT Service Management tool. In affected versions an attacker can call the system setup without authentication. Given specific parameters this can lead to SSRF. This issue has been resolved in versions 2.6.5 and 2.7.5 and later
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Combodo | iTop | < 2.6.5 | affected |
| Combodo | iTop | >= 2.7.0, < 2.7.5 | affected |
Weaknesses
- CWE-918: CWE-918: Server-Side Request Forgery (SSRF)
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/Combodo/iTop/security/advisories/GHSA-ghqc-r8f6-q9m9
- https://github.com/Combodo/iTop/commit/43daa2ef088bf928a2386fa19324628c3f19b807
- https://github.com/Combodo/iTop/commit/6be9a87c150978752bc68baae1a5c4833ddadfec
References
- https://github.com/Combodo/iTop/security/advisories/GHSA-ghqc-r8f6-q9m9
- https://github.com/Combodo/iTop/commit/43daa2ef088bf928a2386fa19324628c3f19b807
- https://github.com/Combodo/iTop/commit/6be9a87c150978752bc68baae1a5c4833ddadfec
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.