{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-14T18:38:20.266","vulnerabilities":[{"cve":{"id":"CVE-2023-48710","sourceIdentifier":"security-advisories@github.com","published":"2024-04-15T18:15:09.070","lastModified":"2025-02-06T21:03:10.907","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"iTop is an IT service management platform.  Files from the `env-production` folder can be retrieved even though they should have restricted access.  Hopefully, there are no sensitive files stored in that folder natively, but there could be some from a third-party module. \n The `pages\/exec.php` script has been fixed to limit execution to PHP files only.  Other file types won't be retrieved and exposed.  The vulnerability is fixed in 2.7.10, 3.0.4, 3.1.1, and 3.2.0."},{"lang":"es","value":"iTop es una plataforma de gestión de servicios de TI. Los archivos de la carpeta `env-production` se pueden recuperar aunque tengan acceso restringido. Con suerte, no hay archivos confidenciales almacenados en esa carpeta de forma nativa, pero podría haberlos desde un módulo de terceros. El script `pages\/exec.php` se ha corregido para limitar la ejecución de archivos PHP únicamente. Otros tipos de archivos no se recuperarán ni se expondrán. La vulnerabilidad se solucionó en 2.7.10, 3.0.4, 3.1.1 y 3.2.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-552"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-552"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*","versionEndExcluding":"2.7.10","matchCriteriaId":"0C4E3E7A-6775-47E8-8878-6D33E8231551"},{"vulnerable":true,"criteria":"cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.0.4","matchCriteriaId":"F42542C8-DEF2-45E2-983B-B161F76C8FDA"},{"vulnerable":true,"criteria":"cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*","versionStartIncluding":"3.1.0","versionEndExcluding":"3.1.1","matchCriteriaId":"E46BEA8B-6ECB-44B7-9509-99E2CBB569EC"}]}]}],"references":[{"url":"https:\/\/github.com\/Combodo\/iTop\/commit\/3b2da39469f7a4636ed250ed0d33f4efff38be26","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https:\/\/github.com\/Combodo\/iTop\/security\/advisories\/GHSA-g652-q7cc-7hfc","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https:\/\/github.com\/Combodo\/iTop\/commit\/3b2da39469f7a4636ed250ed0d33f4efff38be26","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https:\/\/github.com\/Combodo\/iTop\/security\/advisories\/GHSA-g652-q7cc-7hfc","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}