Lucene search
K

5 matches found

OSV
OSV
added 2024/04/15 5:28 p.m.29 views

CVE-2023-45808 iTop missing silo check on extkey in console and portal

iTop is an IT service management platform. When creating or updating an object, extkey values aren't checked to be in the current user silo. In other words, by forging an http request, the user can create objects pointing to out of silo objects for example a UserRequest in an out of scope...

4.1CVSS7.7AI score0.00336EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/04/15 5:28 p.m.20 views

CVE-2023-45808 iTop missing silo check on extkey in console and portal

iTop is an IT service management platform. When creating or updating an object, extkey values aren't checked to be in the current user silo. In other words, by forging an http request, the user can create objects pointing to out of silo objects for example a UserRequest in an out of scope...

4.1CVSS4.8AI score0.00336EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/04/15 5:28 p.m.16 views

CVE-2023-45808 iTop missing silo check on extkey in console and portal

iTop is an IT service management platform. When creating or updating an object, extkey values aren't checked to be in the current user silo. In other words, by forging an http request, the user can create objects pointing to out of silo objects for example a UserRequest in an out of scope...

4.1CVSS6.9AI score0.00336EPSS
Exploits0References3
CVE
CVE
added 2024/04/15 5:28 p.m.55 views

CVE-2023-45808

CVE-2023-45808 – iTop silo check bypass Affected software: Combodo iTop (IT service management platform). Issue: When creating or updating objects, extkey values aren’t checked against the current user silo, allowing forged HTTP requests to reference out-of-silo objects (e.g., a UserRequest in an...

5.4CVSS6.8AI score0.00336EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2024/04/15 12:0 a.m.5 views

iTop 安全漏洞

iTop is a platform that provides all the resources needed to optimize iTop. A security vulnerability exists in iTop versions 2.7.10, 3.0.4, 3.1.1, and 3.2.0 that stems from permissions that do not check the extkey value when creating or updating an object...

5.4CVSS7.8AI score0.00336EPSS
Exploits0References4
Rows per page
Query Builder