What is the severity of CVE-2024-51993?

CVE-2024-51993 has been classified as a high severity vulnerability due to the potential exposure of sensitive passwords.

How do I fix CVE-2024-51993?

To fix CVE-2024-51993, it is recommended to upgrade to version 3.2.0 of Combodo iTop.

What impact does CVE-2024-51993 have on users?

CVE-2024-51993 allows attackers to access backup files or databases to read misconfigured user passwords.

Is there a workaround for CVE-2024-51993 if I cannot upgrade?

If unable to upgrade due to restrictions, users should reconfigure their settings to ensure sensitive data is not accessible.

When was CVE-2024-51993 disclosed?

CVE-2024-51993 was disclosed recently, emphasizing the importance for users to take immediate action.

Vulnerability/
CVE-2024-51993

low

3.4

CWE

312

7/11/2024

8/11/2024

CVE-2024-51993: Password is stored in clear in the database in Combodo iTop

First published: Thu Nov 07 2024(Updated: )

Combodo iTop is a web based IT Service Management tool. An attacker accessing a backup file or the database can read some passwords for misconfigured Users. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. Users unable to upgrade are advised to encrypt their backups independently of the iTop application. ### Patches Sanitize parameter ### References N°7631 - Password is stored in clear in the database.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
iTop	<3.2.0

Never miss a vulnerability like this again

Reference Links

https://github.com/Combodo/iTop/security/advisories/GHSA-9mq5-349x-x427

Frequently Asked Questions

What is the severity of CVE-2024-51993?
CVE-2024-51993 has been classified as a high severity vulnerability due to the potential exposure of sensitive passwords.
How do I fix CVE-2024-51993?
To fix CVE-2024-51993, it is recommended to upgrade to version 3.2.0 of Combodo iTop.
What impact does CVE-2024-51993 have on users?
CVE-2024-51993 allows attackers to access backup files or databases to read misconfigured user passwords.
Is there a workaround for CVE-2024-51993 if I cannot upgrade?
If unable to upgrade due to restrictions, users should reconfigure their settings to ensure sensitive data is not accessible.
When was CVE-2024-51993 disclosed?
CVE-2024-51993 was disclosed recently, emphasizing the importance for users to take immediate action.

agent/weakness
agent/title
agent/references
agent/type
agent/description
agent/first-publish-date
agent/author
agent/event
agent/severity
collector/nvd-api
source/NVD
agent/last-modified-date
collector/mitre-cve
source/MITRE
agent/source
agent/softwarecombine
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/combodo
canonical/itop

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.