Unrated severity · NVD Advisory · Published May 14, 2025 · Updated May 14, 2025

iTop portal Insecure Direct Object Reference vulnerability

CVE-2024-52601

Description

iTop is a web-based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account that has portal access can read objects they are not allowed to see by querying an unprotected route. Versions 2.7.12, 3.1.3, and 3.2.1 contain a fix for the issue.

Affected products

  • Combodo/Itop (2 versions)
    • (no CPE) range: <2.7.12 or >=3.0.0 & <3.1.3 or >=3.2.0 & <3.2.1
    • (no CPE) range: < 2.7.12
