Vulnerability Description
Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, CSRF tokens generated by `privUITransactionFile` aren't properly checked. Versions 2.7.6 and 3.0.0 contain a patch for this issue. As a workaround, use the session implementation by adding in the iTop config file.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Combodo | Itop | < 2.7.6 |
Related Weaknesses (CWE)
References
- https://github.com/Combodo/iTop/commit/7757f1f2d2330d49a3ebb40194f5ec4c8eaf8186PatchThird Party Advisory
- https://github.com/Combodo/iTop/security/advisories/GHSA-33pr-5776-9jqfMitigationThird Party Advisory
- https://huntr.dev/bounties/0a39630d-f4b9-4468-86d8-aea3b02f91aeExploitThird Party Advisory
- https://github.com/Combodo/iTop/commit/7757f1f2d2330d49a3ebb40194f5ec4c8eaf8186PatchThird Party Advisory
- https://github.com/Combodo/iTop/security/advisories/GHSA-33pr-5776-9jqfMitigationThird Party Advisory
- https://huntr.dev/bounties/0a39630d-f4b9-4468-86d8-aea3b02f91aeExploitThird Party Advisory
FAQ
What is CVE-2021-41245?
CVE-2021-41245 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, CSRF tokens generated by `privUITransactionFile` aren't properly checked. Versions 2.7.6 and 3.0.0 contain...
How severe is CVE-2021-41245?
CVE-2021-41245 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-41245?
Check the references section above for vendor advisories and patch information. Affected products include: Combodo Itop.