VYPR
Unrated severityNVD Advisory· Published Mar 16, 2020· Updated Aug 5, 2024

CVE-2019-19821

CVE-2019-19821

Description

A post-authentication privilege escalation in the web application of Combodo iTop allows regular authenticated users to access information and modify information with administrative privileges by not following the HTTP Location header in server responses. This is fixed in all iTop packages (community, essential, professional) in versions : 2.5.4, 2.6.3, 2.7.0

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Combodo/iTopdescription
  • Combodo/Itopllm-fuzzy
    Range: before 2.5.4, 2.6.0 to 2.6.2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.