
4 matches found

RedhatCVE
added 2025/05/23 4:34 a.m. | 6 views

CVE-2023-45808

iTop is an IT service management platform. When creating or updating an object, extkey values aren't checked to be in the current user silo. In other words, by forging an http request, the user can create objects pointing to out of silo objects for example a UserRequest in an out of scope...

CVSS 5.4 | AI score 6.9 | EPSS 0.00336
Exploits: 0
NVD
added 2024/04/15 6:15 p.m. | 14 views

CVE-2023-45808

iTop is an IT service management platform. When creating or updating an object, extkey values aren't checked to be in the current user silo. In other words, by forging an http request, the user can create objects pointing to out of silo objects for example a UserRequest in an out of scope...

CVSS 5.4 | AI score 4.4 | EPSS 0.00336
Exploits: 0 | References: 3
Cvelist
added 2024/04/15 5:28 p.m. | 20 views

CVE-2023-45808 iTop missing silo check on extkey in console and portal

iTop is an IT service management platform. When creating or updating an object, extkey values aren't checked to be in the current user silo. In other words, by forging an http request, the user can create objects pointing to out of silo objects for example a UserRequest in an out of scope...

CVSS 4.1 | AI score 4.8 | EPSS 0.00336
Exploits: 0 | References: 3
CVE
added 2024/04/15 5:28 p.m. | 54 views

CVE-2023-45808

CVE-2023-45808 – iTop silo check bypass. Affected software: Combodo iTop (IT service management platform). Issue: When creating or updating objects, extkey values aren’t checked against the current user silo, allowing forged HTTP requests to reference out-of-silo objects (e.g., a UserRequest in an...

CVSS 5.4 | AI score 6.8 | EPSS 0.00336
Exploits: 0 | References: 3 | Affected Software: 1