CVE-2021-32663

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-32663

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32663.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-32663

Related

GHSA-ghqc-r8f6-q9m9

Published

2021-10-19T18:15:07.783Z

Modified

2026-03-13T22:01:07.424175Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

iTop is an open source web based IT Service Management tool. In affected versions an attacker can call the system setup without authentication. Given specific parameters this can lead to SSRF. This issue has been resolved in versions 2.6.5 and 2.7.5 and later

References

Affected packages

Git / github.com/combodo/itop

Affected ranges

Type

GIT

Repo

https://github.com/combodo/itop

Events

Introduced

46151c87c09ed4f85cd22e1c522d036e4f99ce96

Fixed

d90b1a3d821f094466994cf02d7e3395779e783e

Fixed

43daa2ef088bf928a2386fa19324628c3f19b807

Fixed

6be9a87c150978752bc68baae1a5c4833ddadfec

Database specific

{
    "versions": [
        {
            "introduced": "2.7.0"
        },
        {
            "fixed": "2.7.5"
        }
    ]
}

Affected versions

1.*

1.0.8

2.*

2.6.4

2.7.0

2.7.0-1

2.7.0-2

2.7.0-rc2

2.7.1

2.7.2

2.7.2-1

2.7.3

2.7.3-1

2.7.3-2

2.7.4

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32663.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "2.6.5"
            }
        ]
    }
]