Lucene search

[email protected]NVD:CVE-2021-32663

HistoryOct 19, 2021 - 6:15 p.m.

CVE-2021-32663

2021-10-1918:15:07

CWE-918

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

32.8%

JSON

iTop is an open source web based IT Service Management tool. In affected versions an attacker can call the system setup without authentication. Given specific parameters this can lead to SSRF. This issue has been resolved in versions 2.6.5 and 2.7.5 and later

Affected configurations

NVD

Node

combodoitopRange<2.6.5-

combodoitopRange2.7.0–2.7.5-

References

github.com/Combodo/iTop/commit/43daa2ef088bf928a2386fa19324628c3f19b807

github.com/Combodo/iTop/commit/6be9a87c150978752bc68baae1a5c4833ddadfec

github.com/Combodo/iTop/security/advisories/GHSA-ghqc-r8f6-q9m9

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

32.8%

JSON

Related for NVD:CVE-2021-32663

cvelist1 prion1 osv1 cve1