Today > | 7 High | 22 Medium | 6 Low vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-51993

Nov. 8, 2024, 7:01 p.m.

CVSS Score

3.4 / 10

Product(s) Impacted

Combodo iTop

  • 3.2.0

Description

Combodo iTop is a web based IT Service Management tool. An attacker accessing a backup file or the database can read some passwords for misconfigured Users. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. Users unable to upgrade are advised to encrypt their backups independently of the iTop application. ### Patches Sanitize parameter ### References N°7631 - Password is stored in clear in the database.

Weaknesses

CWE-312
Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

CWE ID: 312

Date

Published: Nov. 7, 2024, 6:15 p.m.

Last Modified: Nov. 8, 2024, 7:01 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security-advisories@github.com

CVSS Data

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

Base Score
3.4
Exploitability Score
0.8
Impact Score
2.5
Base Severity
LOW
CVSS Vector String

The CVSS vector string provides an in-depth view of the vulnerability metrics.

View Vector String

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

References

https://github.com/ security-advisories@github.com