Lucene search

GitHub_MCVELIST:CVE-2021-32663

HistoryOct 19, 2021 - 5:40 p.m.

CVE-2021-32663 Unauthorized setup leads to SSRF in Combodo/iTop

2021-10-1917:40:11

CWE-918

GitHub_M

www.cve.org

8.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.8%

JSON

iTop is an open source web based IT Service Management tool. In affected versions an attacker can call the system setup without authentication. Given specific parameters this can lead to SSRF. This issue has been resolved in versions 2.6.5 and 2.7.5 and later

CNA Affected

[
  {
    "product": "iTop",
    "vendor": "Combodo",
    "versions": [
      {
        "status": "affected",
        "version": "< 2.6.5"
      },
      {
        "status": "affected",
        "version": ">= 2.7.0, < 2.7.5"
      }
    ]
  }
]

References

github.com/Combodo/iTop/commit/43daa2ef088bf928a2386fa19324628c3f19b807

github.com/Combodo/iTop/commit/6be9a87c150978752bc68baae1a5c4833ddadfec

github.com/Combodo/iTop/security/advisories/GHSA-ghqc-r8f6-q9m9

8.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.8%

JSON

Related for CVELIST:CVE-2021-32663