#VU41597 Improper Privilege Management in iTop - CVE-2019-19821 

 

Published: August 10, 2020


Vulnerability identifier: #VU41597
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-19821
CWE-ID: CWE-269
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: iTop
Software vendor: Combodo

Description

The vulnerability allows a remote user to escalate privileges within the application.

A post-authentication privilege escalation in the web application of Combodo iTop allows regular authenticated users to access and modify information with administrative privileges by not following the HTTP Location header in server responses.


Remediation

Install updates from the vendor's website.
