Vulnerability Database

300,830

Total vulnerabilities in the database

CVE-2021-21326

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 it is possible to create tickets for another user with self-service interface without delegatee systems enabled. This is fixed in version 9.5.4.

Published: Mar 8, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-21326
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:N/I:P/A:N

CWEs:

CWE-862

Affected Software
References

Software	From	Fixed in
glpi-project / glpi	-	9.5.4

https://github.com/glpi-project/glpi/releases/tag/9.5.4
https://github.com/glpi-project/glpi/security/advisories/GHSA-vmj9-cg56-p7wh

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo