Vulnerability DatabaseCVE-2024-51995
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2024-51995
November 07, 2024
Combodo iTop is a web based IT Service Management tool. An attacker can request any "route" we want as long as we specify an "operation" that is allowed. This issue has been addressed in version 3.2.0 by applying the same access control pattern as in "UI.php" to the "ajax.render.php" page which does not allow arbitrary "routes" to be dispatched. All users are advised to upgrade. There are no known workarounds for this vulnerability.
Related Resources (1)
https://github.com/Combodo/iTop/security/advisories/GHSA-3mxr-8r3j-j2j9
Do you need more information?
Contact Us
CVSS v4
Base Score:
7.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
LOW
Vulnerable System Availability
NONE
Subsequent System Confidentiality
HIGH
Subsequent System Integrity
LOW
Subsequent System Availability
NONE
CVSS v3
Base Score:
7.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality
HIGH
Integrity
LOW
Availability
NONE
Weakness Type (CWE)
Improper Access Control
CWE-284
EPSS
Base Score:
0.11