CVE-2021-32663

Published: Oct 19, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

iTop is an open source web based IT Service Management tool. In affected versions an attacker can call the system setup without authentication. Given specific parameters this can lead to SSRF. This issue has been resolved in versions 2.6.5 and 2.7.5 and later

Affected (2)

Products: Combodo: Itop

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Combodo Itop	Before 2.6.5
Combodo Itop	From 2.7.0 to 2.7.5

Related CWEs

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (6)

https://github.com/Combodo/iTop/commit/43daa2ef088bf928a2386fa19324628c3f19b807

Source: security-advisories@github.com

PatchThird Party Advisory

https://github.com/Combodo/iTop/commit/6be9a87c150978752bc68baae1a5c4833ddadfec

Source: security-advisories@github.com

PatchThird Party Advisory

https://github.com/Combodo/iTop/security/advisories/GHSA-ghqc-r8f6-q9m9

Source: security-advisories@github.com

Third Party Advisory

https://github.com/Combodo/iTop/commit/43daa2ef088bf928a2386fa19324628c3f19b807

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/Combodo/iTop/commit/6be9a87c150978752bc68baae1a5c4833ddadfec

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/Combodo/iTop/security/advisories/GHSA-ghqc-r8f6-q9m9

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.