CVE-2024-51993

Published Nov 7, 2024

Last updated 9 days ago

CVSS low 3.4

Overview

Description
Combodo iTop is a web based IT Service Management tool. An attacker accessing a backup file or the database can read some passwords for misconfigured Users. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. Users unable to upgrade are advised to encrypt their backups independently of the iTop application. ### Patches Sanitize parameter ### References N°7631 - Password is stored in clear in the database.
Source
security-advisories@github.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
3.4
Impact score
2.5
Exploitability score
0.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
Severity
LOW

CVSS 3.0

Type
Secondary
Base score
3.4
Impact score
2.5
Exploitability score
0.8
Vector string
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
Severity
LOW

Weaknesses

security-advisories@github.com
CWE-312

Social media

Hype score
Not currently trending

  1. CVE-2024-51993 Combodo iTop is a web based IT Service Management tool. An attacker accessing a backup file or the database can read some passwords for misconfigured Users. This issu… https://t.co/6vEyHRuW2z

    @CVEnew

    7 Nov 2024

    362 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

References