CVE-2021-21407: Portal : the CSRF token isn't validated
First published: Wed Jul 21 2021(Updated: )
Combodo iTop is an open source, web based IT Service Management tool. Prior to version 2.7.4, the CSRF token validation can be bypassed through iTop portal via a tricky browser procedure. The vulnerability is patched in version 2.7.4 and 3.0.0.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Combodo iTop | <2.7.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-21407?
CVE-2021-21407 is a CSRF token validation bypass vulnerability in Combodo iTop prior to version 2.7.4.
How does the CSRF token validation bypass work in Combodo iTop?
The CSRF token validation can be bypassed through iTop portal via a tricky browser procedure.
Which versions of Combodo iTop are affected by CVE-2021-21407?
Combodo iTop versions up to and excluding 2.7.4 are affected by CVE-2021-21407.
How can I fix CVE-2021-21407?
To fix CVE-2021-21407, upgrade to version 2.7.4 or any version higher than 2.7.4.
How severe is CVE-2021-21407?
CVE-2021-21407 has a severity score of 6.5 (High).
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/title
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/references
- agent/tags
- agent/softwarecombine
- agent/description
- agent/first-publish-date
- agent/event
- vendor/combodo
- canonical/combodo itop