Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Authenticated users of Combodo iTop can take over any account
Vulnerability Description
Combodo iTop is an open source, web-based IT service management platform. Prior to versions 2.7.8 and 3.0.2-1, a user who can log in on iTop is able to take over any account just by knowing the account's username. This issue is fixed in versions 2.7.8 and 3.0.2-1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Vulnerability Type
授权机制不正确
Vulnerability Title
Combodo iTop 安全漏洞
Vulnerability Description
Combodo iTop是法国Combodo公司的一套基于ITIL开发且用于IT环境日常运营的开源Web应用程序。该程序提供事件管理、配置管理和问题管理等功能。 Combodo iTop 2.7.8 之前和 3.0.2-1 之前版本存在安全漏洞,该漏洞源于可以登录 iTop 的用户只要知道帐户的用户名就可以接管任何帐户。
CVSS Information
N/A
Vulnerability Type
N/A