Authenticated users of Combodo iTop can take over any account
CVE-2022-39214
9.6CRITICAL
What is CVE-2022-39214?
Combodo iTop, an open-source web-based IT service management platform, contains a vulnerability that allows authenticated users to take control of any account by simply knowing the username. This critical flaw has been addressed in the latest versions—2.7.8 and 3.0.2-1. It is essential for users to upgrade to these versions to protect against potential account takeover attacks. For further information and mitigation steps, refer to the official GitHub advisory.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
iTop < 2.7.8 < 2.7.8
iTop >= 3.0.0, < 3.0.2-1 < 3.0.0, 3.0.2-1
References
CVSS V3.1
Score:
9.6
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved