CVE-2024-51995

Date: November 7, 2024

Combodo iTop is a web-based IT Service Management tool. An attacker can request any "route" they want as long as they specify an "operation" that is allowed. This issue has been addressed in version 3.2.0 by applying to the "ajax.render.php" page the same access control pattern as in "UI.php", which does not allow arbitrary "routes" to be dispatched. All users are advised to upgrade. There are no known workarounds for this vulnerability.

Language: PHP

Severity Score

Weakness Type (CWE)

Improper Access Control

CWE-284

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): CHANGED
Confidentiality (C): HIGH
Integrity (I): LOW
Availability (A): NONE