Combodo iTop Insecure Direct Object Reference Vulnerability in ModuleInstallation Object

Vulnerability

A vulnerability allowing insecure direct object reference (IDOR) has been identified in Combodo iTop versions 3.x prior to 3.2.2. This vulnerability allows users with a Service Desk Agent profile to create a ModuleInstallation object, which they should not be authorized to do.

Impact

Exploitation of this vulnerability allows users to create ModuleInstallation objects without proper authorization, potentially leading to unauthorized changes or additions within the iTop application.
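The failure class behind this advisory is an object-creation path that trusts the object class named in the request and checks only that the caller is logged in, rather than whether the caller's profile may create that class. The following is an added illustration, not iTop's own code or API: a hypothetical create handler in its vulnerable form beside a deny-by-default hardened form, with a constructed profile/class allow-list and an audit trail that a defender can use to spot denied attempts. All names (`CREATE_ALLOWLIST`, `Request`, `Store`, the profile and class strings) are assumptions made for the example.

```python
"""Deny-by-default authorization for object creation (added example).

Hypothetical model of the failure class described in the advisory: an
authenticated low-privilege profile reaching a create operation for an
object class it must never create. Every name and value here is
constructed for illustration; none of it is iTop's own code or API.
"""
from collections import Counter
from dataclasses import dataclass, field

# Constructed allow-list: which profiles may create which object classes.
# Any (class, profile) pair not listed here is denied.
CREATE_ALLOWLIST = {
    "UserRequest": {"Service Desk Agent", "Administrator"},
    "ModuleInstallation": {"Administrator"},
}


@dataclass
class Request:
    user: str            # authenticated user name ("" = anonymous)
    profiles: set        # profiles assigned to that user
    object_class: str    # class name taken straight from the client request
    payload: dict        # attributes for the new object


@dataclass
class Store:
    objects: list = field(default_factory=list)   # created (class, payload)
    audit: list = field(default_factory=list)     # constructed audit lines


def create_object_vulnerable(req: Request, store: Store) -> bool:
    """Vulnerable pattern: only checks that the caller is authenticated.

    The object class comes from the request and is never compared against
    the caller's profile, so any logged-in user can create any class.
    """
    if not req.user:
        raise PermissionError("authentication required")
    store.objects.append((req.object_class, req.payload))
    return True


def create_object_hardened(req: Request, store: Store) -> bool:
    """Hardened pattern: class-level create permission checked server-side.

    Unknown classes and unlisted profiles are denied, and every decision is
    written to the audit trail so denials are visible to defenders.
    """
    if not req.user:
        raise PermissionError("authentication required")
    allowed = CREATE_ALLOWLIST.get(req.object_class, set())
    if not (req.profiles & allowed):
        store.audit.append(
            f"DENY create class={req.object_class} user={req.user} "
            f"profiles={sorted(req.profiles)}"
        )
        return False
    store.objects.append((req.object_class, req.payload))
    store.audit.append(f"ALLOW create class={req.object_class} user={req.user}")
    return True


def denied_creates_by_user(audit: list) -> Counter:
    """Detection helper: count denied create attempts per user from the
    constructed audit lines, a cheap signal for privilege-probing."""
    counts = Counter()
    for line in audit:
        if line.startswith("DENY create "):
            fields = dict(f.split("=", 1) for f in line.split(" ")[2:4])
            counts[fields["user"]] += 1
    return counts


def run_demo() -> dict:
    """Run the same agent request through both handlers and report results."""
    agent = Request("agent1", {"Service Desk Agent"}, "ModuleInstallation",
                    {"name": "constructed-module"})
    admin = Request("admin1", {"Administrator"}, "ModuleInstallation",
                    {"name": "constructed-module"})
    ticket = Request("agent1", {"Service Desk Agent"}, "UserRequest",
                     {"title": "constructed ticket"})

    vuln_store, hard_store = Store(), Store()
    results = {
        "vulnerable_agent_creates_module": create_object_vulnerable(agent, vuln_store),
        "hardened_agent_creates_module": create_object_hardened(agent, hard_store),
        "hardened_admin_creates_module": create_object_hardened(admin, hard_store),
        "hardened_agent_creates_ticket": create_object_hardened(ticket, hard_store),
        "hardened_objects": [cls for cls, _ in hard_store.objects],
        "denied_by_user": dict(denied_creates_by_user(hard_store.audit)),
    }
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The point of the hardened form is that the permission decision is keyed on the server-side allow-list and the caller's profiles, never on anything the client supplies, and that unknown classes fall through to a denial; the audit lines are what makes repeated denials reviewable after the fact.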

Remediation

Upgrade to iTop version 3.2.2 or later, which addresses this vulnerability.

Added: Nov 10, 2025, 9:18 PM
Updated: Nov 10, 2025, 9:18 PM

Vulnerability Rating

Custom Algorithm

spread: 1.4
impact: 0.6
exploitability: 4.5
remediation: 7.7
relevance: 1.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.