CVE-2021-32663: Unauthorized setup leads to SSRF in Combodo/iTop
First published: Tue Oct 19 2021(Updated: )
iTop is an open source web based IT Service Management tool. In affected versions an attacker can call the system setup without authentication. Given specific parameters this can lead to SSRF. This issue has been resolved in versions 2.6.5 and 2.7.5 and later
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Combodo iTop | <2.6.5 | |
| Combodo iTop | >=2.7.0<2.7.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/title
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/combodo
- canonical/combodo itop
- version/combodo itop/2.7.0