Home > Vulnerability Database > CVE-2021-32663

Mend.io Vulnerability Database

CVE-2021-32663

Good to know:

Date: October 19, 2021

iTop is an open source web based IT Service Management tool. In affected versions an attacker can call the system setup without authentication. Given specific parameters this can lead to SSRF. This issue has been resolved in versions 2.6.5 and 2.7.5 and later

Language: PHP

Severity Score

7.5

Related Resources (5)

Url: https://github.com/Combodo/iTop/security/advisories/GHSA-ghqc-r8f6-q9m9

Url: https://github.com/Combodo/iTop/commit/6be9a87c150978752bc68baae1a5c4833ddadfec

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-32663

Url: https://github.com/Combodo/iTop/commit/43daa2ef088bf928a2386fa19324628c3f19b807

Url: https://www.mend.io/vulnerability-database/CVE-2021-32663

Severity Score

7.5

Weakness Type (CWE)

Server-Side Request Forgery (SSRF)

CWE-918

Top Fix

Upgrade Version

Upgrade to version 2.7.5-1

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-32663

Good to know:

Date: October 19, 2021

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?