Unrated severity · NVD Advisory · Published Mar 16, 2020 · Updated Aug 5, 2024
CVE-2019-19821
Description
A post-authentication privilege escalation in the web application of Combodo iTop allows regular authenticated users to access and modify information with administrative privileges by not following the HTTP Location header in server responses. This is fixed in all iTop packages (community, essential, professional) in versions 2.5.4, 2.6.3 and 2.7.0.
Affected products
- Combodo/iTop
References
- github.com/Combodo/iTop/security/advisories/GHSA-2gfp-2qvh-9796
- www.combodo.com/itop-193
- www.pentagrid.ch/de/blog/security_issues_in_teampasswordmanager_and_combodo_itop/