Unrated severity · NVD Advisory · Published May 14, 2025 · Updated May 14, 2025
iTop portal Insecure Direct Object Reference vulnerability
CVE-2024-52601
Description
iTop is a web-based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account that has portal access can read objects they are not allowed to see by querying an unprotected route. Versions 2.7.12, 3.1.3, and 3.2.1 contain a fix for the issue.
References
- github.com/Combodo/iTop/security/advisories/GHSA-cph2-466c-3f87 (mitre, x_refsource_CONFIRM)