Cross-Site Request Forgery Vulnerability in Combodo iTop Prior to Versions 2.7.11, 3.1.2, and 3.2.0

CVE-2024-54139

7.9 HIGH

Key Information

Vendor
Combodo
Status
Itop
Vendor
CVE Published:
13 December 2024

Summary

Combodo iTop is an open source, web-based IT service management platform. Prior to versions 2.7.11, 3.1.2, and 3.2.0, iTop has a cross-site scripting vulnerability on the _table_id parameter that can lead to cross-site request forgery. Versions 2.7.11, 3.1.2, and 3.2.0 contain a patch for the issue.

Affected Version(s)

iTop < 2.7.11

iTop < 3.0.0-alpha, 3.1.2

iTop < 3.2.0-alpha1, 3.2.0

CVSS V3.1

Score: 7.9
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD Database, Mitre Database