CVE-2021-32663

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-32663

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32663.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-32663

Related

GHSA-ghqc-r8f6-q9m9

Published

2021-10-19T18:15:07Z

Modified

2025-01-15T01:55:06.317094Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

iTop is an open source web based IT Service Management tool. In affected versions an attacker can call the system setup without authentication. Given specific parameters this can lead to SSRF. This issue has been resolved in versions 2.6.5 and 2.7.5 and later

References

Affected packages

Git / github.com/combodo/itop

Affected ranges

Type: GIT
Repo: https://github.com/combodo/itop
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

43daa2ef088bf928a2386fa19324628c3f19b807

Fixed

43daa2ef088bf928a2386fa19324628c3f19b807

Fixed

6be9a87c150978752bc68baae1a5c4833ddadfec

Fixed

6be9a87c150978752bc68baae1a5c4833ddadfec

Affected versions

2.*

2.5.1

2.5.2

2.5.3

2.5.4

2.6.0

2.6.0-a

2.6.0-products

2.6.1

2.6.2

2.6.2-1

2.6.2-2

2.6.3

2.6.4

Other

N1963

N2011

N2016

N941

N941-2