Unauthenticated System Setup Call Leading to SSRF in iTop

Unauthenticated System Setup Call Leading to SSRF in iTop

CVE-2021-32663 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

iTop is an open source web based IT Service Management tool. In affected versions an attacker can call the system setup without authentication. Given specific parameters this can lead to SSRF. This issue has been resolved in versions 2.6.5 and 2.7.5 and later

Learn more about our Web App Pen Testing.