CVE-2021-41245 : What You Need to Know
Learn about CVE-2021-41245, a Cross-Site Request Forgery vulnerability in Combodo iTop versions prior to 2.7.6 and 3.0.0. Understand the impact, technical details, and mitigation steps in this article.
Combodo iTop is a web-based IT Service Management tool with a vulnerability that allows for Cross-Site Request Forgery (CSRF) attacks in versions prior to 2.7.6 and 3.0.0. Proper checks for CSRF tokens generated by 'privUITransactionFile' are missing in these versions. This CVE has a CVSS v3.1 base score of 6.5 (Medium severity).