CVE-2024-51995

Combodo iTop is a web based IT Service Management tool. An attacker can request any `route` we want as long as we specify an `operation` that is allowed. This issue has been addressed in version 3.2.0 by applying the same access control pattern as in `UI.php` to the `ajax.render.php` page which does not allow arbitrary `routes` to be dispatched. All users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 4.7

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/Combodo/iTop/security/advisories/GHSA-3mxr-8r3j-j2j9	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-11-07 18:15

Updated : 2025-03-27 18:29

NVD link : CVE-2024-51995

Mitre link : CVE-2024-51995

CVE.ORG link : CVE-2024-51995

JSON object : View

Products Affected

combodo

itop

CWE

CWE-284

Improper Access Control

{"id": "CVE-2024-51995", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.7, "exploitabilityScore": 1.8}], "cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.7, "exploitabilityScore": 1.8}]}, "published": "2024-11-07T18:15:18.787", "references": [{"url": "https://github.com/Combodo/iTop/security/advisories/GHSA-3mxr-8r3j-j2j9", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "Combodo iTop is a web based IT Service Management tool. An attacker can request any `route` we want as long as we specify an `operation` that is allowed. This issue has been addressed in version 3.2.0 by applying the same access control pattern as in `UI.php` to the `ajax.render.php` page which does not allow arbitrary `routes` to be dispatched. All users are advised to upgrade. There are no known workarounds for this vulnerability."}, {"lang": "es", "value": "Combodo iTop es una herramienta de gesti\u00f3n de servicios de TI basada en la web. Un atacante puede solicitar cualquier \u00abruta\u00bb que queramos siempre que especifiquemos una \u00aboperaci\u00f3n\u00bb que est\u00e9 permitida. Este problema se ha solucionado en la versi\u00f3n 3.2.0 aplicando el mismo patr\u00f3n de control de acceso que en \u00abUI.php\u00bb a la p\u00e1gina \u00abajax.render.php\u00bb, que no permite enviar \u00abrutas\u00bb arbitrarias. Se recomienda a todos los usuarios que actualicen la versi\u00f3n. No existen workarounds para esta vulnerabilidad."}], "lastModified": "2025-03-27T18:29:13.487", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A59157AC-6016-4FB6-A3BD-08EAB161CF96", "versionEndExcluding": "3.2.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}