iTop is a web-based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account that has portal access can set values on object fields that they are not supposed to be able to set. Versions 2.7.12, 3.1.3, and 3.2.1 contain a fix for the issue.
History
Fri, 22 Aug 2025 21:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References | |
Fri, 01 Aug 2025 18:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:* |
Wed, 14 May 2025 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc |
Wed, 14 May 2025 15:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | iTop is a web-based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account that has portal access can set values on object fields that they are not supposed to be able to set. Versions 2.7.12, 3.1.3, and 3.2.1 contain a fix for the issue. | |
Title | iTop doesn't have mass assignment of fields in the portal form | |
Weaknesses | CWE-862 | |
References | | |
Metrics | cvssV3_1 |

Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2025-08-26T13:44:18.910Z
Reserved: 2025-01-16T17:31:06.459Z
Link: CVE-2025-24021

Updated: 2025-05-14T15:12:53.516Z

Status : Modified
Published: 2025-05-14T15:15:56.157
Modified: 2025-08-22T21:15:30.793
Link: CVE-2025-24021

No data.

Updated: 2025-07-12T15:26:16Z