CVE-2021-21407

Published July 21st, 2021

View on NVD ↗

CVSS v3

HIGH

CVSS v2

4.3

MEDIUM

Affected

PROJECT

Description

Combodo iTop is an open source, web based IT Service Management tool. Prior to version 2.7.4, the CSRF token validation can be bypassed through iTop portal via a tricky browser procedure. The vulnerability is patched in version 2.7.4 and 3.0.0.

Combodo/iTop

A simple, web based CMDB & IT Service Management tool

GitHub

1.13K