CVE-2021-21406

Combodo iTop is an open-source, web-based IT Service Management tool. In versions prior to 2.7.4, there is a command injection vulnerability in the Setup Wizard when providing the Graphviz executable path. The vulnerability is patched in versions 2.7.4 and 3.0.0.

Reference Links (if available):

  • https://github.com/Combodo/iTop/security/advisories/GHSA-pf95-6h7q-q85x

CVSS Score (if available):

  • v2: / MEDIUM
  • v3: /

Links to Exploits (if available):