CVE-2024-52601

Medium CVSS: 6.5

iTop is an web based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account having portal access can have read access to objects they're not allowed to see by querying an unprotected route. Versions 2.7.12, 3.1.3, and 3.2.1 contain a fix for the issue.

Vendor

Combodo

Product

Itop

CWE

CWE-639

Yayın Tarihi

2025-05-14 15:15:55

Güncelleme

2025-08-01 18:39:53

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-639 Itop MEDIUM Combodo 2025

Referanslar

https://github.com/Combodo/iTop/security/advisories/GHSA-cph2-466c-3f87

Benzer Kayıtlar

High

CVE-2025-64167

Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to a cross-sit…

High

CVE-2025-49145

Combodo iTop is a web based IT service management tool. In versions prior to 2.7.13 and 3.2.2, a user that has enough ri…

High

CVE-2025-48065

Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site…

Medium

CVE-2025-48878

Combodo iTop is a web based IT service management tool. In versions on the 3.x branch prior to 3.2.2, an insecure direct…

High

CVE-2025-48055

Combodo iTop is a web based IT service management tool. In versions prior to 3.2.2, when displaying content in a browse…

High

CVE-2025-47932

Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site…