Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
iTop admin can drop iTop database using webhooks
Vulnerability Description
Combodo iTop is a web based IT service management tool. In versions prior to 2.7.13 and 3.2.2, a user that has enough rights to create webhooks (mostly administrators) can drop the database. This is fixed in iTop 2.7.13 and 3.2.2 by verifying callback signature.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H
Vulnerability Type
授权机制不正确
Vulnerability Title
Combodo iTop 安全漏洞
Vulnerability Description
Combodo iTop是法国Combodo公司的一套基于ITIL开发且用于IT环境日常运营的开源Web应用程序。该程序提供事件管理、配置管理和问题管理等功能。 Combodo iTop 2.7.13之前版本和3.2.2之前版本存在安全漏洞,该漏洞源于未验证回调签名,可能导致数据库删除。
CVSS Information
N/A
Vulnerability Type
N/A