jf-cbd

1 exploit Active since May 2025
CVE-2025-24021 WRITEUP MEDIUM WRITEUP
iTop < 2.7.12 - Authenticated Missing Authorization
iTop is an web based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account having portal access can set value to object fields when they're not supposed to. Versions 2.7.12, 3.1.3, and 3.2.1 contain a fix for the issue.
CVSS 5.0