CVE-2021-32776

MEDIUM

Combodo iTop < 2.7.4 - Cross-Site Request Forgery via CSRF Token Reuse

Title source: llm
STIX 2.1

Description

Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.4, CSRF tokens can be reused by a malicious user, as on Windows servers no cleanup is done on CSRF tokens. This issue is fixed in versions 2.7.4 and 3.0.0.

References (1)

Core 1
Core References

Scores

CVSS v3 6.8
EPSS 0.0038
EPSS Percentile 29.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

Details

CWE
CWE-352
Status published
Products (2)
combodo/itop 3.0.0 alpha (3 CPE variants)
combodo/itop < 2.7.4
Published Jul 21, 2021
Tracked Since Feb 18, 2026