Unrated severityNVD Advisory· Published Apr 5, 2022· Updated Apr 22, 2025
Possible Cross-Site Request Forgery in Combodo iTop
CVE-2021-41245
Description
Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, CSRF tokens generated by privUITransactionFile aren't properly checked. Versions 2.7.6 and 3.0.0 contain a patch for this issue. As a workaround, use the session implementation by adding in the iTop config file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
3- github.com/Combodo/iTop/commit/7757f1f2d2330d49a3ebb40194f5ec4c8eaf8186mitrex_refsource_MISC
- github.com/Combodo/iTop/security/advisories/GHSA-33pr-5776-9jqfmitrex_refsource_CONFIRM
- huntr.dev/bounties/0a39630d-f4b9-4468-86d8-aea3b02f91aemitrex_refsource_MISC
News mentions
0No linked articles in our index yet.