iTop Denial-of-Service Vulnerability via Crafted URL in Dashboard

Vulnerability

A denial-of-service vulnerability has been identified in iTop version 3.2.0. A user can send a crafted URL that triggers a PHP error; the next user who loads the affected dashboard then gets a crashed start page. Version 3.2.1 addresses this by checking the layout_class before the dashboard is saved.
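The PHP below is an added example, not iTop's code and not taken from the 3.2.1 patch. It shows the validate-before-save pattern the fix describes, and goes one step further by re-checking on load so a bad value stored earlier cannot crash rendering. It assumes layout_class names a PHP class that is instantiated when the dashboard renders; every class and function name in it is hypothetical.

```php
<?php
// Added illustration, not iTop source. All class and function names are hypothetical.
abstract class ExampleLayout
{
    abstract public function render(array $cells): string;
}

final class ExampleLayoutOneCol extends ExampleLayout
{
    public function render(array $cells): string
    {
        return implode("\n", $cells);
    }
}

/** True only for a loadable, concrete subclass of ExampleLayout. */
function isValidLayoutClass(mixed $name): bool
{
    return is_string($name)
        && class_exists($name)
        && is_subclass_of($name, ExampleLayout::class)
        && !(new ReflectionClass($name))->isAbstract();
}

/** Validate before persisting, so a bad value never reaches storage. */
function saveDashboard(array &$store, string $userId, array $request): bool
{
    $layout = $request['layout_class'] ?? null;
    if (!isValidLayoutClass($layout)) {
        return false; // rejected: the previously saved dashboard is left untouched
    }
    $store[$userId] = ['layout_class' => $layout, 'cells' => $request['cells'] ?? []];
    return true;
}

/** Re-check on load and fall back to a default layout instead of failing. */
function renderDashboard(array $store, string $userId): string
{
    $saved = $store[$userId] ?? ['layout_class' => null, 'cells' => []];
    $class = isValidLayoutClass($saved['layout_class']) ? $saved['layout_class'] : ExampleLayoutOneCol::class;
    return (new $class())->render($saved['cells']);
}

// Constructed sample requests: one valid, one unknown class, one unrelated class.
$store = [];
var_dump(saveDashboard($store, 'alice', ['layout_class' => 'ExampleLayoutOneCol', 'cells' => ['a', 'b']]));
var_dump(saveDashboard($store, 'alice', ['layout_class' => 'NoSuchLayout']));
var_dump(saveDashboard($store, 'alice', ['layout_class' => 'stdClass']));
echo renderDashboard($store, 'alice'), "\n";
```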

Impact

Exploitation of this vulnerability causes the welcome dashboard of the affected user to crash, disrupting their user experience.

Remediation

Users can upgrade to iTop version 3.2.1 to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 1.4
impact: 0.6
exploitability: 6.0
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.