CVE-2024-31998

EPSS 0.25%
Veröffentlicht 05.11.2024 00:15:04
Zuletzt bearbeitet 06.11.2024 14:31:46
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Combodo iTop is a simple, web based IT Service Management tool. A CSRF can be performed on CSV import simulation. This issue has been fixed in versions 3.1.2 and 3.2.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Combodo ≫ Itop Version < 3.1.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.25%	0.479

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
security-advisories@github.com	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://github.com/Combodo/iTop/security/advisories/GHSA-8cwx-q4xh-7c7r

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-31998

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-31998

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-31998

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-31998