PT-2023-13713 · Comodo+1 · Combodo Itop+1

Blaklis

Publicado

2023-03-14

Atualizado

2024-04-04

CVE-2022-39216

CVSS v3.1

7.4

Alta

Vetor

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Combodo iTop versions prior to 2.7.8 Combodo iTop versions prior to 3.0.2-1

Description Combodo iTop is an open source, web-based IT service management platform. The reset password token is generated without any randomness parameter, which may lead to account takeover.

Recommendations For versions prior to 2.7.8, update to version 2.7.8 or later to resolve the issue. For versions prior to 3.0.2-1, update to version 3.0.2-1 or later to resolve the issue.

Exploit

Correção

Use of Insufficiently Random Values

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-330

Identificadores relacionados

ALT-PU-2023-1879

ALT-PU-2024-4537

ALT-PU-2024-4547

ALT-PU-2024-4961

CVE-2022-39216

GHSA-HGGQ-48P2-CMHM

Produtos afetados

Alt Linux

Combodo Itop

PT-2023-13713 · Comodo+1 · Combodo Itop+1

CVE-2022-39216

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 82