CVE-2024-51740

Name of the Vulnerable Software and Affected Versions Combodo iTop versions prior to 2.7.11 Combodo iTop versions prior to 3.0.5 Combodo iTop versions prior to 3.1.2 Combodo iTop versions prior to 3.2.0

Description This issue allows an attacker to create HTTP requests on behalf of the server from a low-privileged user. The user portal form manager has been fixed to only instantiate classes derived from it.

Recommendations For versions prior to 2.7.11, upgrade to version 2.7.11 or later. For versions prior to 3.0.5, upgrade to version 3.0.5 or later. For versions prior to 3.1.2, upgrade to version 3.1.2 or later. For versions prior to 3.2.0, upgrade to version 3.2.0 or later.