Overview
- Description
- Combodo iTop is a simple, web-based IT Service Management tool. A cross-site request forgery (CSRF) attack can be performed against the CSV import simulation. This issue has been fixed in versions 3.1.2 and 3.2.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
Weaknesses
- security-advisories@github.com
- CWE-352
Social media
CVE-2024-31998 CSRF Vulnerability on CSV Import in Combodo iTop Fixed Combodo iTop is a simple tool for managing IT services online. A CSRF vulnerability was found in CSV import simulation. This problem was fixed... https://t.co/SkzMC0zGJ5
@VulmonFeeds
5 Nov 2024
[CVE-2024-31998: HIGH] 🔒 Update now! A CSRF vulnerability in Combodo iTop's CSV import simulation fixed in versions 3.1.2 and 3.2.0. Upgrade to stay protected in your IT Service Management operations. #cybersecurity, #vulnerability https://t.co/RdMsHrixno https://t.co/uRLmPuqCVO
@CveFindCom
5 Nov 2024
CVE-2024-31998 Combodo iTop is a simple, web based IT Service Management tool. A CSRF can be performed on CSV import simulation. This issue has been fixed in versions 3.1.2 and 3.2.… https://t.co/7sTpWQXQjA
@CVEnew
4 Nov 2024
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4B1E5E6E-1398-4908-9D8F-25C8C667F3D2",
            "versionEndExcluding": "3.1.2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]