PT-2024-36067 · Comodo+1 · Itop+1

Kyokito1412 · Published 2024-12-13 · Updated 2025-03-14 · CVE-2024-54139

CVSS v3.1: 9.6 Critical

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Combodo iTop versions prior to 2.7.11
Combodo iTop versions prior to 3.1.2
Combodo iTop versions prior to 3.2.0
Description: Combodo iTop is an open source and web-based IT service management platform. The platform has a cross-site scripting issue that can lead to cross-site request forgery on the table id parameter.
Recommendations: For versions prior to 2.7.11, upgrade to version 2.7.11 to protect your environment. For versions prior to 3.1.2, upgrade to version 3.1.2 to protect your environment. For versions prior to 3.2.0, upgrade to version 3.2.0 to protect your environment.

Exploit

Fix

XSS

CSRF


Weakness Enumeration

Related Identifiers

ALT-PU-2025-4212
CVE-2024-54139
GHSA-JMV2-WFH5-H5WG

Affected Products

Alt Linux
Itop