CVE-2023-48709
Published 2024-04-15
Priority: P3 (44)
Severity: high, 8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.96% (57.0th percentile)
iTop is an IT service management platform. When exporting data from backoffice or portal in CSV or Excel files, users' inputs may include malicious formulas that may be imported into Excel. As Excel 2016 does **not** prevent Remote Code Execution by default, uninformed users may become victims. This vulnerability is fixed in 2.7.9, 3.0.4, 3.1.1, and 3.2.0.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| combodo | itop | < 2.7.9 | 2.7.9 |
| combodo | itop | — | — |
| combodo | itop | — | — |
| combodo | itop | >= 3.0.0 < 3.0.4 | 3.0.4 |
| combodo | itop | >= 3.1.0 < 3.1.1 | 3.1.1 |
https://github.com/Combodo/iTop/commit/083a0b79bfa2c106735b5c10eddb35a05ec7f04a
https://github.com/Combodo/iTop/commit/b10bcb976dfe8e55aa0f659bfbcdd18334a1b17c
https://github.com/Combodo/iTop/security/advisories/GHSA-9q3x-9987-53x9