{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-51995", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-11-04T17:46:16.776Z", "datePublished": "2024-11-07T17:55:15.598Z", "dateUpdated": "2024-11-07T18:16:51.358Z"}, "containers": {"cna": {"title": "Logic bug in ajax.render.php allows for bypass of 'backOffice' access control in Combodo iTop", "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "lang": "en", "description": "CWE-284: Improper Access Control", "type": "CWE"}]}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N", "version": "3.0"}}], "references": [{"name": "https://github.com/Combodo/iTop/security/advisories/GHSA-3mxr-8r3j-j2j9", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Combodo/iTop/security/advisories/GHSA-3mxr-8r3j-j2j9"}], "affected": [{"vendor": "Combodo", "product": "iTop", "versions": [{"version": "< 3.2.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-11-07T17:55:15.598Z"}, "descriptions": [{"lang": "en", "value": "Combodo iTop is a web based IT Service Management tool. An attacker can request any `route` we want as long as we specify an `operation` that is allowed. This issue has been addressed in version 3.2.0 by applying the same access control pattern as in `UI.php` to the `ajax.render.php` page which does not allow arbitrary `routes` to be dispatched. All users are advised to upgrade. There are no known workarounds for this vulnerability."}], "source": {"advisory": "GHSA-3mxr-8r3j-j2j9", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-11-07T18:16:46.169964Z", "id": "CVE-2024-51995", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-07T18:16:51.358Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-51995", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-07T18:16:46.169964Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-07T18:16:42.580Z"}}], "cna": {"title": "Logic bug in ajax.render.php allows for bypass of 'backOffice' access control in Combodo iTop", "source": {"advisory": "GHSA-3mxr-8r3j-j2j9", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_0": {"scope": "CHANGED", "version": "3.0", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Combodo", "product": "iTop", "versions": [{"status": "affected", "version": "< 3.2.0"}]}], "references": [{"url": "https://github.com/Combodo/iTop/security/advisories/GHSA-3mxr-8r3j-j2j9", "name": "https://github.com/Combodo/iTop/security/advisories/GHSA-3mxr-8r3j-j2j9", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Combodo iTop is a web based IT Service Management tool. An attacker can request any `route` we want as long as we specify an `operation` that is allowed. This issue has been addressed in version 3.2.0 by applying the same access control pattern as in `UI.php` to the `ajax.render.php` page which does not allow arbitrary `routes` to be dispatched. All users are advised to upgrade. There are no known workarounds for this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284: Improper Access Control"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-11-07T17:55:15.598Z"}}}, "cveMetadata": {"cveId": "CVE-2024-51995", "state": "PUBLISHED", "dateUpdated": "2024-11-07T18:16:51.358Z", "dateReserved": "2024-11-04T17:46:16.776Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-11-07T17:55:15.598Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*", "matchCriteriaId": "A59157AC-6016-4FB6-A3BD-08EAB161CF96", "versionEndExcluding": "3.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Combodo iTop is a web based IT Service Management tool. An attacker can request any `route` we want as long as we specify an `operation` that is allowed. This issue has been addressed in version 3.2.0 by applying the same access control pattern as in `UI.php` to the `ajax.render.php` page which does not allow arbitrary `routes` to be dispatched. All users are advised to upgrade. There are no known workarounds for this vulnerability."}, {"lang": "es", "value": "Combodo iTop es una herramienta de gesti\u00f3n de servicios de TI basada en la web. Un atacante puede solicitar cualquier \u00abruta\u00bb que queramos siempre que especifiquemos una \u00aboperaci\u00f3n\u00bb que est\u00e9 permitida. Este problema se ha solucionado en la versi\u00f3n 3.2.0 aplicando el mismo patr\u00f3n de control de acceso que en \u00abUI.php\u00bb a la p\u00e1gina \u00abajax.render.php\u00bb, que no permite enviar \u00abrutas\u00bb arbitrarias. Se recomienda a todos los usuarios que actualicen la versi\u00f3n. No existen workarounds para esta vulnerabilidad."}], "id": "CVE-2024-51995", "lastModified": "2025-03-27T18:29:13.487", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 4.7, "source": "[email protected]", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-11-07T18:15:18.787", "references": [{"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://github.com/Combodo/iTop/security/advisories/GHSA-3mxr-8r3j-j2j9"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "[email protected]", "type": "Primary"}]}

{}