Home > Vulnerability Database > CVE-2024-51995

Mend.io Vulnerability Database

CVE-2024-51995

Date: November 7, 2024

Combodo iTop is a web based IT Service Management tool. An attacker can request any "route" we want as long as we specify an "operation" that is allowed. This issue has been addressed in version 3.2.0 by applying the same access control pattern as in "UI.php" to the "ajax.render.php" page which does not allow arbitrary "routes" to be dispatched. All users are advised to upgrade. There are no known workarounds for this vulnerability.

Language: PHP

Severity Score

7.1

Related Resources (3)

Url: https://github.com/Combodo/iTop/security/advisories/GHSA-3mxr-8r3j-j2j9

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-51995

Url: https://www.mend.io/vulnerability-database/CVE-2024-51995

Severity Score

7.1

Weakness Type (CWE)

Improper Access Control

CWE-284

CVSS v3.1

Base Score:	7.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-51995

Date: November 7, 2024

Language: PHP

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?