CVE-2021-21406

Combodo iTop is an open source, web based IT Service Management tool. In versions prior to 2.7.4, there is a command injection vulnerability in the Setup Wizard when providing Graphviz executable path. The vulnerability is patched in version 2.7.4 and 3.0.0.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*
cpe:2.3:a:combodo:itop:2.7.5:*:*:*:*:*:*:*
cpe:2.3:a:combodo:itop:2.7.5-1:*:*:*:*:*:*:*

History

21 Nov 2024, 05:48

Type Values Removed Values Added
References () https://github.com/Combodo/iTop/security/advisories/GHSA-pf95-6h7q-q85x - Third Party Advisory () https://github.com/Combodo/iTop/security/advisories/GHSA-pf95-6h7q-q85x - Third Party Advisory
CVSS v2 : 6.5
v3 : 8.8
v2 : 6.5
v3 : 5.8

Information

Published : 2021-07-21 15:15

Updated : 2024-11-21 05:48


NVD link : CVE-2021-21406

Mitre link : CVE-2021-21406

CVE.ORG link : CVE-2021-21406


JSON object : View

Products Affected

combodo

  • itop
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')