Access Control Weakness in Combodo iTop IT Service Management Tool
CVE-2024-51995

Key Information:

  • Vendor: Combodo
  • Status: Vendor
  • CVE Published: 7 November 2024

What is CVE-2024-51995?

The Combodo iTop IT Service Management tool is affected by an access control weakness in its ajax.render.php page. Because that page lacked adequate access control on the routes it dispatches, any operation could be requested and dispatched, letting an attacker reach routes that should not have been accessible. Users are strongly encouraged to upgrade to version 3.2.0, which introduces an access control pattern similar to the one already used in UI.php: the operations that may be dispatched are explicitly specified, and any other route is not dispatched. No workarounds are available for this vulnerability, so upgrading is the only remediation.

Timeline

  • Vulnerability published