Overview
- Description
- iTop is an open source web based IT Service Management tool. In affected versions an attacker can call the system setup without authentication. Given specific parameters this can lead to SSRF. This issue has been resolved in versions 2.6.5 and 2.7.5 and later
- Source
- security-advisories@github.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:P/A:N
Weaknesses
- security-advisories@github.com
- CWE-918
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:combodo:itop:*:*:*:*:-:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AAB96E6A-21B3-40F1-9833-629464EE4710",
"versionEndExcluding": "2.6.5"
},
{
"criteria": "cpe:2.3:a:combodo:itop:*:*:*:*:-:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CD3B1BB6-B0AB-49F6-A327-DAC73045502B",
"versionEndExcluding": "2.7.5",
"versionStartIncluding": "2.7.0"
}
],
"operator": "OR"
}
]
}
]