In iTop a high severity vulnerability CVE-2023-47622 was detected. Refreshing dashlets could allow attackers to inject harmful code into the webpage if the system doesn’t properly clean up user-entered data. The issue is resolved in versions 3.0.4 and 3.1.1. For more information, visit https://avd.aquasec.com/nvd/2023/cve-2023-47622/.
Read more IT Business ManagementIn iTop a high severity vulnerability CVE-2023-48709 was detected. Users need to be careful when opening CSV or Excel files from the back office or portal as they may contain dangerous formulas that can lead to malicious code being executed on your computer, especially in Excel 2016. The issue is resolved in iTop 2.7.9, 3.0.4, 3.1.1, and 3.2.0 versions. For more information, visit https://avd.aquasec.com/nvd/2023/cve-2023-48709/.
Read more IT Business ManagementIn iTop a critical severity vulnerability CVE-2023-48710 was detected. Due to this vulnerability files from the env-production folder, which should be restricted, were accessible, potentially exposing sensitive data from third-party modules. To address this, updates have been made to the Pages/exec.php script to allow only PHP files to be executed, preventing access and disclosure of other file types. This fix is available in versions 2.7.10, 3.0.4, 3.1.1 and 3.2.0. For more information, visit https://avd.aquasec.com/nvd/2023/cve-2023-48710/.
Read more IT Business ManagementIn Ansible versions v3.0.0-v3.10.6 a critical security vulnerability, CVE-2024-29202 was detected. This vulnerability allows attackers to steal sensitive data. To address this issue, users are advised to upgrade to v3.10.7. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-29202.
Read more IT Business Management