IT Business Management

In iTop versions prior to 3.1.3 and 3.2.1 a medium severity vulnerability CVE-2024-56157 was detected. This vulnerability allows attackers to perform a cross-site scripting (XSS) attack by injecting malicious code into CSV content, which is executed when importing the file. To address this issue, users should upgrade iTop to versions 3.1.3 or 3.2.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-56157.

In iTop versions prior to 2.7.12, 3.1.3 and 3.2.1 a medium severity vulnerability CVE-2024-52601 was detected. This vulnerability allows authenticated portal users to access unauthorized objects by querying an unprotected route. To address this issue, users should upgrade iTop to versions 2.7.12, 3.1.3 or 3.2.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-52601.

In Combodo iTop versions prior to 2.7.12, 3.1.2 and 3.2.0 a medium severity vulnerability CVE-2025-27139 was detected. This vulnerability allows attackers to execute cross-site scripting (XSS) attacks when the preferences page is opened. To address this issue, users should upgrade iTop to versions 2.7.12, 3.1.2, 3.2.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-27139.

In iTop version 16.0 a high severity vulnerability CVE-2024-53588 was detected. This vulnerability allows attackers to run malicious code on the system by tricking iTop VPN into loading a fake DLL file. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-53588.

In iTop versions before 2.7.11, from including 3.0.0-alpha and before 3.1.2, and from including 3.2.0-alpha1 and before 3.2.0 a high severity vulnerability CVE-2024-54139 was detected. This vulnerability allows attackers to perform cross-site scripting, which can lead to cross-site request forgery via the `_table_id` parameter. To address this issue, users should upgrade iTop to versions 2.7.11, 3.1.2, or 3.2.0. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-54139.

In Ansible Automation Platform version 2 a medium severity vulnerability CVE-2024-11483 was detected. Attackers can escalate privileges by misusing read-scoped OAuth2 (Open Authorization 2.0) tokens to gain write access, affecting API endpoints using ansible_base.oauth2_provider. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-11483.

In Ansible versions 2, including Ansible-Core a medium severity vulnerability CVE-2024-11079 was found. This issue allows attackers to bypass protections and execute unsafe content using the hostvars object. If playbooks improperly handle remote data or module outputs, it could lead to arbitrary code execution. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-11079.

In iTop versions before 3.2.0 a high severity Cross-Site Request Forgery (CSRF) vulnerability CVE-2024-52002 was detected. This vulnerability allows attackers to exploit certain URL endpoints to carry out unauthorized actions. To address this issue, users are advised to upgrade to version 3.2.0. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-52002.

In iTop versions before 3.2.0 a medium severity vulnerability CVE-2024-52001 was detected. It allows portal users to access restricted service information. This issue has been addressed in version 3.2.0, and all users are advised to upgrade. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-52001.