CVE-2024-51995

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-51995
Combodo iTop is a web based IT Service Management tool. An attacker can request any `route` we want as long as we specify an `operation` that is allowed. This issue has been addressed in version 3.2.0 by applying the same access control pattern as in `UI.php` to the `ajax.render.php` page which does not allow arbitrary `routes` to be dispatched. All users are advised to upgrade. There are no known workarounds for this vulnerability.

7.1 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 4.7

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://github.com/Combodo/iTop/security/advisories/GHSA-3mxr-8r3j-j2j9
Configurations

No configuration.

History

08 Nov 2024, 19:01

Type Values Removed Values Added
Summary
  • (es) Combodo iTop es una herramienta de gestión de servicios de TI basada en la web. Un atacante puede solicitar cualquier «ruta» que queramos siempre que especifiquemos una «operación» que esté permitida. Este problema se ha solucionado en la versión 3.2.0 aplicando el mismo patrón de control de acceso que en «UI.php» a la página «ajax.render.php», que no permite enviar «rutas» arbitrarias. Se recomienda a todos los usuarios que actualicen la versión. No existen workarounds para esta vulnerabilidad.

07 Nov 2024, 18:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-11-07 18:15

Updated : 2024-11-08 19:01

NVD link : CVE-2024-51995

Mitre link : CVE-2024-51995

CVE.ORG link : CVE-2024-51995

JSON object : View

Products Affected

No product.

CWE
CWE-284

Improper Access Control


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024