
CVE-2024-51995
Date: November 7, 2024
Combodo iTop is a web-based IT Service Management tool. An attacker can request any "route" they want as long as they specify an "operation" that is allowed. This issue has been addressed in version 3.2.0 by applying the same access control pattern as in "UI.php" to the "ajax.render.php" page which does not allow arbitrary "routes" to be dispatched. All users are advised to upgrade. There are no known workarounds for this vulnerability.
Language: PHP
Severity Score
Weakness Type (CWE)
Improper Access Control
CWE-284
CVSS v3.1
Base Score: | |
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | HIGH |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | CHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | LOW |
Availability (A): | NONE |