Impact
Authenticated users can browse and modify the web application as administrators. This includes access to all tickets, the inventory and other information of the organization and other users. This allows access to different functionality of the Configuration Management (e.g. IT inventory), Change Management (e.g. ticketing), Service Management (e.g. provider and SLA management) and potentially other functionality of iTop.
Patches
Versions: 2.5.4, 2.6.3, 2.7.0
Packages: community, essential, professional
References
Combodo ref: N°2633
Fix: 248dab9
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19821
https://www.pentagrid.ch/de/blog/security_issues_in_teampasswordmanager_and_combodo_itop/
For more information
If you have any questions or comments about this advisory:
Email us at itop-security@combodo.com