PT-2024-35089 · Comodo+1 · Combodo Itop+1

Bengrenoble

Published

2024-11-08

Updated

2025-03-14

CVE-2024-52002

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Combodo iTop versions prior to 3.2.0

Description Combodo iTop is a simple, web-based IT Service Management tool. Several URL endpoints are subject to a Cross-Site Request Forgery (CSRF) vulnerability. This issue has been addressed in version 3.2.0.

Recommendations For versions prior to 3.2.0, upgrade to version 3.2.0 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable URL endpoints until the upgrade is applied.

Exploit

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

ALT-PU-2025-4212

CVE-2024-52002

GHSA-XR4X-XQ7V-7GQM

Affected Products

Alt Linux

Combodo Itop

PT-2024-35089 · Comodo+1 · Combodo Itop+1

CVE-2024-52002

Weakness Enumeration

Related Identifiers

Affected Products

References · 8