CVE-2019-19821
published 2020-03-16

Priority: P348
CVSS 3.1: 8.1 (High)
Vector: AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:N
EPSS: 1.43% (69.7th percentile)

A post-authentication privilege escalation in the web application of Combodo iTop allows regular authenticated users to access and modify information with administrative privileges by not following the HTTP Location header in server responses. This is fixed in all iTop packages (community, essential, professional) in versions 2.5.4, 2.6.3 and 2.7.0.

Affected

1 range

Vendor: combodo
Product: itop
Version range: < 2.7
Fixed in: 2.7

CVSS provenance

NVD, CVSS v3.1: 8.1 HIGH, vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
NVD, CVSS v2.0: 5.5 MEDIUM, vector AV:N/AC:L/Au:S/C:P/I:P/A:N