Privilege Escalation in Combodo iTop Web Application
CVE-2019-19821

8.1HIGH

Key Information:

Vendor

Combodo

Status
Itop
Vendor
CVE Published:
16 March 2020

What is CVE-2019-19821?

The web application of Combodo iTop has a vulnerability that enables authenticated users to escalate their privileges, allowing them to access and modify information with administrative permissions. This occurs due to the failure to properly follow the HTTP Location header in server responses. The issue has been addressed in versions 2.5.4, 2.6.3, and 2.7.0 of iTop.

References

https://www.combodo.com/itop-193
x_refsource_MISC
https://www.pentagrid.ch/de/blog/security_issues_in_teamp...
x_refsource_MISC
https://github.com/Combodo/iTop/security/advisories/GHSA-...
x_refsource_MISC

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.