Note: This project will be discontinued after December 13, 2021.
Product: Itop (Combodo)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 63 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2024-11-08 | CVE-2024-52001 | Combodo iTop is a simple, web based IT Service Management tool. In affected versions portal users are able to access forbidden services information. This issue has been addressed in version 3.2.0. All users are advised to upgrade. There are no known workarounds for this vulnerability. | Itop | 4.3 | ||
2024-11-08 | CVE-2024-52002 | Combodo iTop is a simple, web based IT Service Management tool. Several url endpoints are subject to a Cross-Site Request Forgery (CSRF) vulnerability. Please refer to the linked GHSA for the complete list. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | Itop | 8.8 | ||
2020-08-10 | CVE-2020-12777 | A function in Combodo iTop contains a Broken Access Control vulnerability, which allows an unauthorized attacker to inject commands and disclose system information. | Itop | 7.5 | ||
2020-08-10 | CVE-2020-12778 | Combodo iTop does not validate input parameters; attackers can inject malicious commands and launch an XSS attack. | Itop | 6.1 | ||
2020-08-10 | CVE-2020-12779 | Combodo iTop contains a stored Cross-site Scripting vulnerability, which can be attacked by uploading a file with a malicious script. | Itop | 5.4 | ||
2020-08-10 | CVE-2020-12780 | A security misconfiguration exists in Combodo iTop, which can expose sensitive information. | Itop | 7.5 | ||
2020-08-10 | CVE-2020-12781 | Combodo iTop contains a cross-site request forgery (CSRF) vulnerability; attackers can execute specific commands via malicious site request forgery. | Itop | 8.8 | ||
2021-01-12 | CVE-2020-4079 | Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 2.8.0, when the ajax endpoint for the "excel export" portal functionality is called directly it allows getting data without scope filtering. This allows a user to access data which they should not have access to. This is fixed in versions 2.7.2 and 3.0.0. | Itop | 7.7 | ||
2021-01-13 | CVE-2020-15218 | Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, admin pages are cached, so that their content is visible after disconnection by using the browser back button. This is fixed in versions 2.7.2 and 3.0.0. | Itop | 6.8 | ||
2021-01-13 | CVE-2020-15219 | Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, when a download error is triggered in the user portal, an SQL query is displayed to the user. This is fixed in versions 2.7.2 and 3.0.0. | Itop | 4.3 | ||