CVE-2021-32663 - Server-Side Request Forgery (SSRF) vulnerability in Combodo Itop 2.7.0

047910
CVSS 5.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE
CWE-918

Summary

iTop is an open source web-based IT Service Management tool. In affected versions, an attacker can call the system setup without authentication. Given specific parameters, this can lead to SSRF. This issue has been resolved in versions 2.6.5 and 2.7.5 and later.

Vulnerable Configurations

Part | Description | Count
Application | Combodo | 2

Common Weakness Enumeration (CWE)