CVE Vulnerability

CVE-2021-32663

iTop is an open source web based IT Service Management tool. In affected versions an attacker can call the system setup without authentication. Given specific parameters this can lead to SSRF. This issue has been resolved in versions 2.6.5 and 2.7.5 and later

5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/Combodo/iTop/security/advisories/GHSA-ghqc-r8f6-q9m9 Third Party Advisory
https://github.com/Combodo/iTop/commit/43daa2ef088bf928a2386fa19324628c3f19b807 Patch Third Party Advisory
https://github.com/Combodo/iTop/commit/6be9a87c150978752bc68baae1a5c4833ddadfec Patch Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:combodo:itop:*:*:*:*:-:*:*:*
cpe:2.3:a:combodo:itop:*:*:*:*:-:*:*:*
Information

Published : 2021-10-19 06:15

Updated : 2021-10-22 08:49

NVD link : CVE-2021-32663

Mitre link : CVE-2021-32663

Products Affected
No products.
CWE
CWE-918

Server-Side Request Forgery (SSRF)