exploitDog

CVE-2024-51995

Опубликовано: 07 нояб. 2024

Источник: nvd

CVSS3: 7.1

CVSS3: 7.1

EPSS Низкий

Описание

Combodo iTop is a web based IT Service Management tool. An attacker can request any route we want as long as we specify an operation that is allowed. This issue has been addressed in version 3.2.0 by applying the same access control pattern as in UI.php to the ajax.render.php page which does not allow arbitrary routes to be dispatched. All users are advised to upgrade. There are no known workarounds for this vulnerability.

Ссылки

https://github.com/Combodo/iTop/security/advisories/GHSA-3mxr-8r3j-j2j9
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*

Версия до 3.2.0 (исключая)

EPSS

Процентиль: 29%

0.00106

Низкий

7.1 High

CVSS3

7.1 High

CVSS3

Дефекты

CWE-284

EPSS

Процентиль: 29%

0.00106

Низкий

7.1 High

CVSS3

7.1 High

CVSS3

Дефекты

CWE-284