CVE-2024-32870

MEDIUM EXPLOITED NUCLEI

Combodo Itop < 2.7.11 - Information Disclosure

Title source: rule

Description

Combodo iTop is a simple, web based IT Service Management tool. Server, OS, DBMS, PHP, and iTop info (name, version and parameters) can be read by anyone having access to iTop URI. This issue has been patched in versions 2.7.11, 3.0.5, 3.1.2, and 3.2.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Nuclei Templates (1)

iTop Hub Connector - Information Disclosure

MEDIUMby DhiyaneshDk

Shodan: html:"iTop login"

FOFA: body="iTop login"

References (1)

[Vendor Advisory] https://github.com/Combodo/iTop/security/advisories/GHSA-rfjh-2f5x-qxmx

Scores

CVSS v3 5.8

EPSS 0.2129

EPSS Percentile 95.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Details

VulnCheck KEV 2025-06-08

CWE

CWE-200

Status published

Products (1)

combodo/itop < 2.7.11

Published Nov 05, 2024

Tracked Since Feb 18, 2026