CVE-2019-19821: XSS
First published: Mon Mar 16 2020(Updated: )
A post-authentication privilege escalation in the web application of Combodo iTop allows regular authenticated users to access information and modify information with administrative privileges by not following the HTTP Location header in server responses. This is fixed in all iTop packages (community, essential, professional) in versions : 2.5.4, 2.6.3, 2.7.0
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Combodo iTop | <2.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-19821?
CVE-2019-19821 is a post-authentication privilege escalation vulnerability in the web application of Combodo iTop.
How does CVE-2019-19821 impact Combodo iTop?
CVE-2019-19821 allows regular authenticated users to access and modify information with administrative privileges.
What is the severity of CVE-2019-19821?
The severity of CVE-2019-19821 is high with a severity value of 8.1.
How can I fix CVE-2019-19821 in Combodo iTop?
To fix CVE-2019-19821, it is recommended to update to the latest version of iTop packages (community or commercial).
Where can I find more information about CVE-2019-19821?
You can find more information about CVE-2019-19821 on the official Combodo iTop website and the GitHub security advisory.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/tags
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/combodo
- canonical/combodo itop