← Back

CVE-2024-32870

nvd nistnuclei
Published: Nov 5, 2024Modified: Nov 13, 2024

JSON object

Loading...
5.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Exploitability: 3.9 / Impact: 1.4
Source: NVD

Description

Combodo iTop is a simple, web based IT Service Management tool. Server, OS, DBMS, PHP, and iTop info (name, version and parameters) can be read by anyone having access to iTop URI. This issue has been patched in versions 2.7.11, 3.0.5, 3.1.2, and 3.2.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected (3)

Products: Combodo: Itop
Combodo
1 product
Itop
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Combodo
Itop
Before 2.7.11
Itop
From 3.0.0 to 3.0.5
Itop
From 3.1.0 to 3.1.2

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (1)

Source: security-advisories@github.com
Vendor Advisory

Timeline

No history available yet.