CVE-2021-32776

{"id": "CVE-2021-32776", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.6}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2021-07-21T21:15:07.857", "references": [{"url": "https://github.com/Combodo/iTop/security/advisories/GHSA-cxw7-2x7h-f7pr", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/Combodo/iTop/security/advisories/GHSA-cxw7-2x7h-f7pr", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-352"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.4, CSRF tokens can be reused by a malicious user, as on Windows servers no cleanup is done on CSRF tokens. This issue is fixed in versions 2.7.4 and 3.0.0."}, {"lang": "es", "value": "Combodo iTop es una herramienta de Administraci\u00f3n de servicios de TI basada en la web. En versiones anteriores a 2.7.4, los tokens CSRF pueden ser reusados por un usuario malicioso, ya que en los servidores Windows no se realiza una limpieza de los tokens CSRF. Este problema es corregido en versiones 2.7.4 y 3.0.0"}], "lastModified": "2024-11-21T06:07:43.097", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "299D23A7-798A-4E44-AA25-E01E76440704", "versionEndExcluding": "2.7.4"}, {"criteria": "cpe:2.3:a:combodo:itop:3.0.0:alpha:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "608F63C6-0F54-47D8-BFD5-FB5511BDB548"}, {"criteria": "cpe:2.3:a:combodo:itop:3.0.0:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD7E6A6A-9B1D-4BA7-9A58-ACEE1ABC46EB"}, {"criteria": "cpe:2.3:a:combodo:itop:3.0.0:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF68C176-A8C3-4C88-A344-74CB0E682987"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}