PT-2020-9419 · iTop

Published 2019-04-16 · Updated 2020-08-24 · CVE-2019-13967

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: iTop versions 2.2.0 through 2.6.0
Description: iTop 2.2.0 through 2.6.0 allows a remote, unauthenticated attacker to cause a denial of service (application outage) by sending many requests that each launch a compile operation through the URI pages/exec.php?exec_env=production&exec_module=itop-hub-connector&exec_page=ajax.php&operation=compile. Only the community version is affected.
Recommendations: For versions 2.2.0 through 2.6.0, restrict access to the pages/exec.php endpoint (for example, by allow-listing trusted source addresses or rate-limiting requests at the web server or reverse proxy) so that compile operations cannot be triggered in bulk. The CVSS vector records PR:N, so the restriction must be enforced in front of the application rather than by its login, and access logs should be watched for repeated hits on this URI. This is a temporary workaround only.
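The following detector, added here as an illustration and not part of the advisory or of the iTop project, shows how the attack pattern in the description looks in web-server access logs: it parses lines in the common "combined" format (an assumed layout), picks out requests to pages/exec.php whose query string names exec_module=itop-hub-connector, exec_page=ajax.php and operation=compile, and flags any client that issues more than a threshold of such requests within a sliding time window. The sample log lines, client addresses, threshold and window are constructed for the example.

```python
"""Flag bursts of iTop hub-connector compile requests in access logs.

Added illustration for CVE-2019-13967; not code from the advisory or from iTop.
Log layout, thresholds and sample data below are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import parse_qs, urlsplit

# Apache/nginx "combined" log format (assumed): ip ident user [ts] "METHOD path proto" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# The URI named in the advisory (parameter names use underscores).
COMPILE_URI = (
    "/pages/exec.php?exec_env=production&exec_module=itop-hub-connector"
    "&exec_page=ajax.php&operation=compile"
)


def is_compile_request(path):
    """True if the request targets pages/exec.php with the compile parameters."""
    parts = urlsplit(path)
    if not parts.path.endswith("/pages/exec.php"):
        return False
    q = parse_qs(parts.query)
    return (
        q.get("exec_module") == ["itop-hub-connector"]
        and q.get("exec_page") == ["ajax.php"]
        and q.get("operation") == ["compile"]
    )


def parse_line(line):
    """Return {'ip', 'ts', 'path'} for a combined-format line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ip": m["ip"], "ts": datetime.strptime(m["ts"], TS_FMT), "path": m["path"]}


def find_compile_floods(lines, threshold=5, window_seconds=60):
    """Return {ip: total_compile_requests} for clients that sent more than
    `threshold` compile requests inside any `window_seconds` sliding window."""
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and is_compile_request(rec["path"]):
            per_ip[rec["ip"]].append(rec["ts"])

    flagged = {}
    for ip, stamps in per_ip.items():
        stamps.sort()
        start = 0
        for end, t in enumerate(stamps):
            # Shrink the window from the left until it spans at most window_seconds.
            while (t - stamps[start]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 > threshold:
                flagged[ip] = len(stamps)
                break
    return flagged


# --- Constructed sample log (not real traffic) ---------------------------------
def _log(ip, second, path, status=200):
    return f'{ip} - - [16/Apr/2019:10:00:{second:02d} +0000] "GET {path} HTTP/1.1" {status} 512'


# One client hammers the compile endpoint: 8 hits in 14 seconds.
SAMPLE_LOG = [_log("198.51.100.7", s, COMPILE_URI) for s in range(0, 16, 2)]
SAMPLE_LOG += [
    _log("203.0.113.5", 5, COMPILE_URI),            # a single compile request: not a flood
    _log("203.0.113.5", 7, "/pages/UI.php"),        # unrelated page
    # exec.php with a different (assumed) module/page: must not count as compile
    _log("198.51.100.7", 9, "/pages/exec.php?exec_env=production&exec_module=itop-portal-base&exec_page=index.php"),
]

if __name__ == "__main__":
    for ip, n in find_compile_floods(SAMPLE_LOG).items():
        print(f"possible CVE-2019-13967 compile flood from {ip}: {n} compile requests")
```

Matching on the parsed query parameters rather than on a raw substring means reordered or additionally padded query strings are still caught; the threshold should be tuned to how often legitimate hub-connector compiles occur in a given deployment.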


Related Identifiers

ALT-PU-2019-1658
CVE-2019-13967

Affected Products

Alt Linux
Itop