Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Itop
(Combodo)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 41 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-11-09 | CVE-2023-47489 | CSV injection in export as csv in Combodo iTop v.3.1.0-2-11973 allows a local attacker to execute arbitrary code via a crafted script to the export-v2.php and ajax.render.php components. | Itop | 7.8 | ||
| 2023-11-09 | CVE-2023-47488 | Cross Site Scripting vulnerability in Combodo iTop v.3.1.0-2-11973 allows a local attacker to obtain sensitive information via a crafted script to the attrib_manager_id parameter in the General Information page and the id parameter in the contact page. | Itop | 6.1 | ||
| 2023-10-25 | CVE-2023-34446 | iTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, when displaying `pages/preferences.php`, cross site scripting is possible. This issue is fixed in versions 3.0.4 and 3.1.0. | Itop | 6.1 | ||
| 2023-10-25 | CVE-2023-34447 | iTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, on `pages/UI.php`, cross site scripting is possible. This issue is fixed in versions 3.0.4 and 3.1.0. | Itop | 6.1 | ||
| 2023-03-14 | CVE-2022-39216 | Combodo iTop is an open source, web-based IT service management platform. Prior to versions 2.7.8 and 3.0.2-1, the reset password token is generated without any randomness parameter. This may lead to account takeover. The issue is fixed in versions 2.7.8 and 3.0.2-1. | Itop | 9.8 | ||
| 2023-03-14 | CVE-2022-39214 | Combodo iTop is an open source, web-based IT service management platform. Prior to versions 2.7.8 and 3.0.2-1, a user who can log in on iTop is able to take over any account just by knowing the account's username. This issue is fixed in versions 2.7.8 and 3.0.2-1. | Itop | 7.5 | ||
| 2020-08-10 | CVE-2020-12777 | A function in Combodo iTop contains a vulnerability of Broken Access Control, which allows unauthorized attacker to inject command and disclose system information. | Itop | 7.5 | ||
| 2020-08-10 | CVE-2020-12778 | Combodo iTop does not validate inputted parameters, attackers can inject malicious commands and launch XSS attack. | Itop | 6.1 | ||
| 2020-08-10 | CVE-2020-12781 | Combodo iTop contains a cross-site request forgery (CSRF) vulnerability, attackers can execute specific commands via malicious site request forgery. | Itop | 8.8 | ||
| 2022-04-05 | CVE-2022-24780 | Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, users of the iTop user portal can send TWIG code to the server by forging specific http queries, and execute arbitrary code on the server using http server user privileges. This issue is fixed in versions 2.7.6 and 3.0.0. There are currently no known workarounds. | Itop | 8.8 |