CVE-2021-32663
Published 2021-10-19
Priority: P3 | 45 | high 7.5 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:H / A:N
EPSS: 1.41% (69.4th percentile)
iTop is an open-source, web-based IT Service Management tool. In affected versions an attacker can call the system setup without authentication. Given specific parameters this can lead to SSRF. This issue has been resolved in versions 2.6.5 and 2.7.5 and later.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| combodo | itop | < 2.6.5 | 2.6.5 |
| combodo | itop | — | — |
| combodo | itop | >= 2.7.0 < 2.7.5 | 2.7.5 |
CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
| NVD | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
No advisories linked to this vulnerability.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References:
- https://github.com/Combodo/iTop/commit/43daa2ef088bf928a2386fa19324628c3f19b807
- https://github.com/Combodo/iTop/commit/6be9a87c150978752bc68baae1a5c4833ddadfec
- https://github.com/Combodo/iTop/security/advisories/GHSA-ghqc-r8f6-q9m9