CVE-2024-32870: iTop hub connector Information disclosure
First published: Mon Nov 04 2024(Updated: )
Combodo iTop is a simple, web based IT Service Management tool. Server, OS, DBMS, PHP, and iTop info (name, version and parameters) can be read by anyone having access to iTop URI. This issue has been patched in versions 2.7.11, 3.0.5, 3.1.2, and 3.2.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| iTop | <2.7.11 | |
| iTop | >=3.0.0<3.0.5 | |
| iTop | >=3.1.0<3.1.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-32870?
CVE-2024-32870 has a moderate severity as it allows unauthorized access to sensitive system information.
How do I fix CVE-2024-32870?
To fix CVE-2024-32870, you should upgrade to iTop versions 2.7.11, 3.0.5, 3.1.2, or 3.2.0.
What kind of information can be accessed due to CVE-2024-32870?
CVE-2024-32870 allows attackers to read server, OS, DBMS, PHP, and iTop configuration information.
Which versions of iTop are affected by CVE-2024-32870?
iTop versions prior to 2.7.11, between 3.0.0 and 3.0.5, and between 3.1.0 and 3.1.2 are affected by CVE-2024-32870.
Is there a patch for CVE-2024-32870?
Yes, the vulnerability has been patched in the latest versions of iTop.
- agent/weakness
- agent/references
- agent/title
- agent/description
- agent/type
- agent/first-publish-date
- agent/severity
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/softwarecombine
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/combodo
- canonical/itop
- version/itop/3.0.0
- version/itop/3.1.0