← Back

CVE-2024-52002

nvd nist
Published: Nov 8, 2024Modified: Jan 7, 2025

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

Combodo iTop is a simple, web based IT Service Management tool. Several url endpoints are subject to a Cross-Site Request Forgery (CSRF) vulnerability. Please refer to the linked GHSA for the complete list. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected (1)

Products: Combodo: Itop
Combodo
1 product
Itop
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Itop
Before 3.2.0

Related CWEs

CWE-352
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (1)

Source: security-advisories@github.com
Vendor Advisory

Timeline

No history available yet.