CVE-2021-21406

Опубликовано: 21 июл. 2021

Источник: nvd

CVSS3: 5.8

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

Combodo iTop is an open source, web based IT Service Management tool. In versions prior to 2.7.4, there is a command injection vulnerability in the Setup Wizard when providing Graphviz executable path. The vulnerability is patched in version 2.7.4 and 3.0.0.

Ссылки

https://github.com/Combodo/iTop/security/advisories/GHSA-pf95-6h7q-q85x
Third Party Advisory
https://github.com/Combodo/iTop/security/advisories/GHSA-pf95-6h7q-q85x
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*

Версия до 2.7.4 (исключая)

cpe:2.3:a:combodo:itop:2.7.5:*:*:*:*:*:*:*

cpe:2.3:a:combodo:itop:2.7.5-1:*:*:*:*:*:*:*

EPSS

Процентиль: 68%

0.00575

Низкий

5.8 Medium

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-77

EPSS

Процентиль: 68%

0.00575

Низкий

5.8 Medium

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-77