CVE-2025-24021
iTop doesn't have mass assignment of fields in the portal form
iTop is an web based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account having portal access can set value to object fields when they're not supposed to. Versions 2.7.12, 3.1.3, and 3.2.1 contain a fix for the issue.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
Productos afectados
Combodo · iTop¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →