Note: This project will be discontinued after December 13, 2021.

Product: Itop (Combodo)
Repositories: Unknown (this might be proprietary software)
Vulnerabilities: 63
Date | Id | Summary | Products | CVSS score | Patch | Annotated |
---|---|---|---|---|---|---|
2024-04-15 | CVE-2023-45808 | iTop is an IT service management platform. When creating or updating an object, external key (extkey) values are not checked to be in the current user's silo. In other words, by forging an HTTP request, a user can create objects pointing to out-of-silo objects (for example, a UserRequest in an out-of-scope Organization). Fixed in iTop 2.7.10, 3.0.4, 3.1.1, and 3.2.0. | Itop | 5.4 | ||
2024-04-15 | CVE-2023-47123 | iTop is an IT service management platform. By placing malicious code in an object's friendlyname / complementary name, an XSS attack can be performed when that object is displayed as an n:n relation item in another object. This vulnerability is fixed in 3.1.1 and 3.2.0. | Itop | 5.4 | ||
2024-11-08 | CVE-2024-52000 | Combodo iTop is a simple, web-based IT Service Management tool. Affected versions are subject to a reflected cross-site scripting (XSS) exploit by way of editing a request's payload, which can lead to malicious JavaScript execution. This issue has been addressed in version 3.2.0 via systematic escaping of error messages when rendering them on the page. All users are advised to upgrade. There are no known workarounds for this vulnerability. | Itop | 6.1 | ||
2024-11-08 | CVE-2024-52001 | Combodo iTop is a simple, web-based IT Service Management tool. In affected versions, portal users are able to access forbidden services information. This issue has been addressed in version 3.2.0. All users are advised to upgrade. There are no known workarounds for this vulnerability. | Itop | 4.3 | ||
2024-11-08 | CVE-2024-52002 | Combodo iTop is a simple, web-based IT Service Management tool. Several URL endpoints are subject to a cross-site request forgery (CSRF) vulnerability. Please refer to the linked GHSA for the complete list. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | Itop | 8.8 | ||
2020-08-10 | CVE-2020-12777 | A function in Combodo iTop contains a broken access control vulnerability, which allows an unauthorized attacker to inject commands and disclose system information. | Itop | 7.5 | ||
2020-08-10 | CVE-2020-12778 | Combodo iTop does not validate input parameters; attackers can inject malicious commands and launch an XSS attack. | Itop | 6.1 | ||
2020-08-10 | CVE-2020-12779 | Combodo iTop contains a stored cross-site scripting vulnerability, which can be exploited by uploading a file containing a malicious script. | Itop | 5.4 | ||
2020-08-10 | CVE-2020-12780 | A security misconfiguration exists in Combodo iTop, which can expose sensitive information. | Itop | 7.5 | ||
2020-08-10 | CVE-2020-12781 | Combodo iTop contains a cross-site request forgery (CSRF) vulnerability; attackers can cause specific commands to be executed via a forged request from a malicious site. | Itop | 8.8 | ||
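The CVE-2023-45808 entry above describes a class of bug worth seeing in code: a server that validates only that a submitted foreign-key (external key) value resolves to an existing object, without checking that the referenced object lies inside the caller's silo. The following is an added illustration in Python, not iTop's code and not a description of how iTop implements its silo check. The `Obj`/`Store` model, the `EXTKEYS` map, the `USER_SILO` set and the sample objects are all constructed for the example; the vulnerable handler and the hardened handler differ only in the extra silo test.

```python
"""Silo check on external-key values (model of the CVE-2023-45808 bug class).

Constructed example: every object belongs to an Organization, a user is
confined to a set of allowed organizations (the "silo"), and an object may
reference other objects through external keys (here ``org_id`` and
``caller_id``).  The vulnerable handler only checks that the referenced
objects exist; the hardened handler also checks that each referenced object
lies inside the caller's silo.
"""
from dataclasses import dataclass, field


@dataclass
class Obj:
    oid: int
    cls: str
    org_id: int            # organization the object belongs to


@dataclass
class Store:
    objects: dict = field(default_factory=dict)

    def get(self, oid):
        return self.objects.get(oid)

    def add(self, obj):
        self.objects[obj.oid] = obj


class Forbidden(Exception):
    """Raised when an external key points outside the user's silo."""


# Constructed sample data: two organizations; the user's silo is org 1 only.
STORE = Store()
STORE.add(Obj(1, "Organization", 1))   # org A (in silo)
STORE.add(Obj(2, "Organization", 2))   # org B (out of silo)
STORE.add(Obj(10, "Person", 1))        # contact inside org A
STORE.add(Obj(20, "Person", 2))        # contact inside org B
USER_SILO = {1}

# External keys of the object being created, with the class each must point to.
EXTKEYS = {"org_id": "Organization", "caller_id": "Person"}


def create_user_request_vulnerable(payload, silo=USER_SILO, store=STORE):
    """Vulnerable: trusts any ext-key id that resolves to an object of the right class."""
    for key, cls in EXTKEYS.items():
        target = store.get(payload[key])
        if target is None or target.cls != cls:
            raise ValueError(f"{key}: no {cls} with id {payload[key]}")
    return Obj(len(store.objects) + 100, "UserRequest", payload["org_id"])


def in_silo(target, silo):
    """An Organization is in the silo if it is an allowed org; anything else
    is in the silo if its owning organization is."""
    org = target.oid if target.cls == "Organization" else target.org_id
    return org in silo


def create_user_request_hardened(payload, silo=USER_SILO, store=STORE):
    """Hardened: every ext-key value must resolve to an object inside the silo."""
    for key, cls in EXTKEYS.items():
        target = store.get(payload[key])
        if target is None or target.cls != cls:
            raise ValueError(f"{key}: no {cls} with id {payload[key]}")
        if not in_silo(target, silo):
            raise Forbidden(f"{key}={payload[key]} points outside the user's silo")
    return Obj(len(store.objects) + 100, "UserRequest", payload["org_id"])


def accepted(handler, payload):
    """True if the handler creates the object, False if it refuses on silo grounds."""
    try:
        handler(payload)
        return True
    except Forbidden:
        return False


# A forged request: the UI would never offer org 2 / person 20 to this user,
# but nothing stops a client from putting those ids in the HTTP request.
FORGED = {"org_id": 2, "caller_id": 20}
LEGIT = {"org_id": 1, "caller_id": 10}


def demo():
    return {
        "vuln_forged": create_user_request_vulnerable(FORGED).org_id,  # 2: silo escaped
        "hard_legit": create_user_request_hardened(LEGIT).org_id,      # 1
        "hard_forged": "accepted" if accepted(create_user_request_hardened, FORGED) else "rejected",
    }


if __name__ == "__main__":
    print(demo())
```

The point the example makes is that the check has to run on every external key independently: a payload whose `org_id` is in the silo but whose `caller_id` is not (`{"org_id": 1, "caller_id": 20}`) is still rejected by the hardened handler, while the vulnerable one accepts it.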
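Two entries above (CVE-2024-52002 and CVE-2020-12781) are CSRF findings on state-changing endpoints. The generic defence, shown here as an added Python illustration that is not iTop's code and says nothing about how iTop implements its own protection, is a per-session, unpredictable token that the legitimate form carries and that a request forged from a third-party site cannot supply, since that site can trigger the victim's cookie but cannot read the page that contains the token. The `Session` class, `handle_post` endpoint and the sample form payloads are constructed for the example.

```python
"""Per-session, single-use anti-CSRF tokens for a state-changing endpoint.

Constructed example.  ``issue_token`` is called when the server renders a
form; ``handle_post`` refuses any state-changing request whose token is
missing, unknown or already used.  A cross-site forgery carries the victim's
session cookie but not the token, so it is refused.
"""
import hmac
import secrets


class Session:
    """Minimal stand-in for server-side session state keyed by the cookie."""
    def __init__(self):
        self.csrf_tokens = set()


def issue_token(session):
    """Generate an unpredictable token and remember it in the session."""
    token = secrets.token_urlsafe(32)
    session.csrf_tokens.add(token)
    return token


def consume_token(session, token):
    """Accept a token once; constant-time comparison avoids timing leaks."""
    if not token:
        return False
    for stored in list(session.csrf_tokens):
        if hmac.compare_digest(stored, token):
            session.csrf_tokens.discard(stored)   # single use: replay is refused
            return True
    return False


def handle_post(session, form, require_token=True):
    """State-changing handler: 403 unless the form carries a valid token.

    ``require_token=False`` models the unprotected endpoint before the fix.
    """
    if require_token and not consume_token(session, form.get("csrf_token")):
        return 403, "rejected: missing or invalid CSRF token"
    return 200, f"deleted object {form['id']}"


def demo():
    session = Session()
    token = issue_token(session)                    # rendered into the legitimate form
    legit = {"id": "42", "csrf_token": token}
    forged = {"id": "42"}                           # cross-site form: no token available
    replay = {"id": "43", "csrf_token": token}      # reuse of a token already consumed
    return {
        "unprotected_forged": handle_post(Session(), forged, require_token=False)[0],
        "forged": handle_post(session, forged)[0],
        "legit": handle_post(session, legit)[0],
        "replay": handle_post(session, replay)[0],
    }


if __name__ == "__main__":
    print(demo())
```

In a real deployment the token check sits alongside `SameSite` cookie attributes and an `Origin`/`Referer` check; the token is the control that does not depend on browser behaviour, which is why it is the one an audit of every state-changing endpoint looks for.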