CVE-2021-21407

HIGH

Combodo iTop < 2.7.4 - Cross-Site Request Forgery Token Bypass via Portal

Title source: llm
STIX 2.1

Description

Combodo iTop is an open source, web based IT Service Management tool. Prior to version 2.7.4, the CSRF token validation can be bypassed through iTop portal via a tricky browser procedure. The vulnerability is patched in version 2.7.4 and 3.0.0.

References (1)

Core 1
Core References

Scores

CVSS v3 8.0
EPSS 0.0046
EPSS Percentile 36.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

Details

CWE
CWE-352
Status published
Products (1)
combodo/itop < 2.7.4
Published Jul 21, 2021
Tracked Since Feb 18, 2026