Vulnerability Description
iTop is an open source web based IT Service Management tool. In affected versions an attacker can call the system setup without authentication. Given specific parameters this can lead to SSRF. This issue has been resolved in versions 2.6.5 and 2.7.5 and later
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Combodo | Itop | < 2.6.5 |
Related Weaknesses (CWE)
References
- https://github.com/Combodo/iTop/commit/43daa2ef088bf928a2386fa19324628c3f19b807PatchThird Party Advisory
- https://github.com/Combodo/iTop/commit/6be9a87c150978752bc68baae1a5c4833ddadfecPatchThird Party Advisory
- https://github.com/Combodo/iTop/security/advisories/GHSA-ghqc-r8f6-q9m9Third Party Advisory
- https://github.com/Combodo/iTop/commit/43daa2ef088bf928a2386fa19324628c3f19b807PatchThird Party Advisory
- https://github.com/Combodo/iTop/commit/6be9a87c150978752bc68baae1a5c4833ddadfecPatchThird Party Advisory
- https://github.com/Combodo/iTop/security/advisories/GHSA-ghqc-r8f6-q9m9Third Party Advisory
FAQ
What is CVE-2021-32663?
CVE-2021-32663 is a vulnerability with a CVSS score of 8.7 (HIGH). iTop is an open source web based IT Service Management tool. In affected versions an attacker can call the system setup without authentication. Given specific parameters this can lead to SSRF. This is...
How severe is CVE-2021-32663?
CVE-2021-32663 has been rated HIGH with a CVSS base score of 8.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-32663?
Check the references section above for vendor advisories and patch information. Affected products include: Combodo Itop.