Home > Vulnerability Database > CVE-2024-51993

Mend.io Vulnerability Database

CVE-2024-51993

Date: November 7, 2024

Combodo iTop is a web based IT Service Management tool. An attacker accessing a backup file or the database can read some passwords for misconfigured Users. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. Users unable to upgrade are advised to encrypt their backups independently of the iTop application. Patches Sanitize parameter References N°7631 - Password is stored in clear in the database.

Language: PHP

Severity Score

3.4

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-51993

Url: https://github.com/Combodo/iTop/security/advisories/GHSA-9mq5-349x-x427

Url: https://www.mend.io/vulnerability-database/CVE-2024-51993

Severity Score

3.4

Weakness Type (CWE)

Cleartext Storage of Sensitive Information

CWE-312

CVSS v3.1

Base Score:	3.4
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-51993

Date: November 7, 2024

Language: PHP

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?