Improper Privilege Management in iTop - CVE-2019-19821

 

Improper Privilege Management in iTop - CVE-2019-19821

Published: August 10, 2020


Vulnerability identifier: #VU41597
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-19821
CWE-ID: CWE-269
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Combodo
Affected software:
iTop

Detailed vulnerability description

The vulnerability allows a remote user to escalate privileges within the application.

A post-authentication privilege escalation in the web application of Combodo iTop allows regular authenticated users to access information and modify information with administrative privileges by not following the HTTP Location header in server responses.


How to mitigate CVE-2019-19821

Install updates from vendor's website.

Sources