CVE-2024-32870
MEDIUM EXPLOITED NUCLEI
Combodo iTop < 2.7.11 - Unauthenticated Exposure of Sensitive Information
Title source: llm
Exploitation Summary
CVE-2024-32870 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
Combodo iTop is a simple, web-based IT Service Management tool. Server, OS, DBMS, PHP, and iTop info (name, version and parameters) can be read by anyone who has access to the iTop URI. This issue has been patched in versions 2.7.11, 3.0.5, 3.1.2, and 3.2.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Nuclei Templates (1)
iTop Hub Connector - Information Disclosure
MEDIUM by DhiyaneshDk
Shodan:
html:"iTop login"
FOFA:
body="iTop login"
References (1)
Core References
Vendor Advisory x_refsource_confirm
https://github.com/Combodo/iTop/security/advisories/GHSA-rfjh-2f5x-qxmx
Scores
CVSS v3
5.8
EPSS
0.0073
EPSS Percentile
49.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
VulnCheck KEV
2025-06-08
CWE
CWE-200
Status
published
Products (1)
combodo/itop
< 2.7.11
Published
Nov 05, 2024
Tracked Since
Feb 18, 2026