CVE-2025-24021

Medium CVSS: 5.0

iTop is an web based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account having portal access can set value to object fields when they're not supposed to. Versions 2.7.12, 3.1.3, and 3.2.1 contain a fix for the issue.

Vendor

Combodo

Product

Itop

CWE

CWE-862

Yayın Tarihi

2025-05-14 15:15:56

Güncelleme

2025-08-22 21:15:30

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-862 Itop MEDIUM Combodo 2025

Referanslar

https://github.com/Combodo/iTop/commit/44290db312901fc5918cc537c74561487fb3713b https://github.com/Combodo/iTop/security/advisories/GHSA-c8hm-h9gv-8jpj

Benzer Kayıtlar

High

CVE-2025-64167

Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to a cross-sit…

High

CVE-2025-49145

Combodo iTop is a web based IT service management tool. In versions prior to 2.7.13 and 3.2.2, a user that has enough ri…

High

CVE-2025-48065

Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site…

Medium

CVE-2025-48878

Combodo iTop is a web based IT service management tool. In versions on the 3.x branch prior to 3.2.2, an insecure direct…

High

CVE-2025-48055

Combodo iTop is a web based IT service management tool. In versions prior to 3.2.2, when displaying content in a browse…

High

CVE-2025-47932

Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site…