Description
Combodo iTop is a web-based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, CSRF tokens generated by privUITransactionFile (the file-backed transaction-token implementation) are not properly checked. Versions 2.7.6 and 3.0.0 contain a patch for this issue. As a workaround, switch from the file-based implementation to the session implementation of transaction tokens in the iTop configuration file.
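The record above only says that the file-backed transaction (CSRF) tokens were not properly checked; it does not describe the exact flaw. The following Python sketch is an added example and is not iTop code: a hypothetical file-backed token store whose check amounts to "does a file with this name exist" (so a token minted in any session validates in every other session, and a malformed token can reference paths outside the store), placed beside a hardened store that binds each token to the session with an HMAC, validates the token format before touching the file system, compares in constant time and consumes the token on first use. All class, function and session names are invented for the illustration.

```python
import hashlib
import hmac
import os
import re
import secrets
import tempfile

# Tokens are 16 random bytes rendered as 32 hex characters; anything else is rejected.
TOKEN_RE = re.compile(r"\A[0-9a-f]{32}\Z")


class WeakFileTokens:
    """Hypothetical weak store: a token is 'valid' whenever a file of that name exists.
    The token is not bound to the session that minted it and is never consumed."""

    def __init__(self, directory):
        self.directory = directory

    def get_new_transaction(self, session_id):
        token = secrets.token_hex(16)
        open(os.path.join(self.directory, token), "w").close()
        return token

    def is_transaction_valid(self, session_id, token):
        # No format check, no session binding: any existing path validates,
        # including ".." (the parent directory) or a token from another user.
        return os.path.exists(os.path.join(self.directory, token))


class SessionBoundFileTokens:
    """Hardened store: the file holds HMAC(secret, session_id), so a token only
    validates for the session that minted it, and is deleted once used."""

    def __init__(self, directory, secret):
        self.directory = directory
        self.secret = secret

    def _binding(self, session_id):
        # Store a keyed digest rather than the raw session id so that read access
        # to the token directory does not leak session identifiers.
        return hmac.new(self.secret, session_id.encode(), hashlib.sha256).hexdigest()

    def get_new_transaction(self, session_id):
        token = secrets.token_hex(16)
        with open(os.path.join(self.directory, token), "w") as fh:
            fh.write(self._binding(session_id))
        return token

    def is_transaction_valid(self, session_id, token, consume=True):
        if not TOKEN_RE.match(token):          # reject traversal and junk before any I/O
            return False
        path = os.path.join(self.directory, token)
        try:
            with open(path) as fh:
                stored = fh.read()
        except FileNotFoundError:
            return False
        valid = hmac.compare_digest(stored, self._binding(session_id))
        if valid and consume:
            os.remove(path)                    # single use: a replay must fail
        return valid


def run_demo():
    """Constructed scenario: a victim session mints a token, an attacker session
    tries to reuse it. Returns the outcome of each check for inspection."""
    weak = WeakFileTokens(tempfile.mkdtemp())
    strong = SessionBoundFileTokens(tempfile.mkdtemp(), secrets.token_bytes(32))
    results = {}

    token = weak.get_new_transaction("sess-victim")
    results["weak_cross_session"] = weak.is_transaction_valid("sess-attacker", token)
    results["weak_traversal"] = weak.is_transaction_valid("sess-attacker", "..")

    token = strong.get_new_transaction("sess-victim")
    results["strong_cross_session"] = strong.is_transaction_valid("sess-attacker", token)
    results["strong_traversal"] = strong.is_transaction_valid("sess-victim", "..")
    results["strong_owner"] = strong.is_transaction_valid("sess-victim", token)
    results["strong_replay"] = strong.is_transaction_valid("sess-victim", token)
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name}: {'accepted' if outcome else 'rejected'}")
```

The session-storage workaround named in the record sidesteps the file store entirely: a token kept in the server-side session is implicitly bound to that session, which is the property the hardened class reconstructs for the file-backed case.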
References
- Patch (Third Party Advisory)
- Mitigation (Third Party Advisory)
- Exploit (Third Party Advisory)
Vulnerable configurations
Configuration 1: versions before 2.7.6 (excluding 2.7.6)
cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*
EPSS
Score: 0.00132 (percentile 33%, Low)
Severity scores
CVSS3: 6.5 Medium
CVSS3: 8.1 High
CVSS2: 5.8 Medium
Weaknesses
CWE-352 (Cross-Site Request Forgery)