PT-2024-24348 · Comodo+1 · Combodo Itop+1

Viliald · Published 2024-11-04 · Updated 2025-03-14 · CVE-2024-31998

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Combodo iTop versions prior to 3.1.2
Combodo iTop versions prior to 3.2.0

Description

A cross-site request forgery (CSRF) attack can be performed against the CSV import simulation in Combodo iTop, allowing an attacker to forge malicious requests. There are no known workarounds for this issue.

Recommendations

For Combodo iTop versions prior to 3.1.2, upgrade to version 3.1.2 or later to resolve the issue.
For Combodo iTop versions prior to 3.2.0, upgrade to version 3.2.0 or later to resolve the issue.

Exploit

Fix

CSRF

Weakness Enumeration

Related Identifiers

ALT-PU-2025-4212
CVE-2024-31998
GHSA-8CWX-Q4XH-7C7R

Affected Products

Alt Linux
Combodo Itop