CVE-2024-54139

Summary

Combodo iTop is an open source and web-based IT service management platform. Prior to versions 2.7.11, 3.1.2, and 3.2.0., iTop has a cross-site scripting vulnerability that can lead to cross-site request forgery on the _table_id parameter. Versions 2.7.11, 3.1.2, and 3.2.0 contain a patch for the issue.

Affected Software

VendorProductVersion RangeStatus
CombodoiTop< 2.7.11affected
CombodoiTop>= 3.0.0-alpha, < 3.1.2affected
CombodoiTop>= 3.2.0-alpha1, < 3.2.0affected

Weaknesses

  • CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • CWE-352: CWE-352: Cross-Site Request Forgery (CSRF)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References