8 matches found
EUVD-2019-8161
Malware in sbrugna...
EUVD-2023-44640
Malicious code in bioql PyPI...
EUVD-2022-4439
Malicious code in bioql PyPI...
EUVD-2022-5379
Malicious code in bioql PyPI...
EUVD-2021-8700
Malicious code in bioql PyPI...
CVE-2021-32776
Combodo iTop is a web-based IT Service Management tool. In versions prior to 2.7.4, CSRF tokens can be reused by a malicious user, as on Windows servers no cleanup is done on CSRF tokens. This issue is fixed in versions 2.7.4 and 3.0.0...
Mozilla: csrftoken not unique to session or specific user and csrfmiddlewaretoken can be altered
The CSRF token used in the application was not unique to the session or specific user, allowing an attacker to use a valid CSRF token obtained from another user to perform unauthorized actions on behalf of that user...
CVE-2021-41245
Combodo iTop is a web-based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, CSRF tokens generated by privUITransactionFile aren't properly checked. Versions 2.7.6 and 3.0.0 contain a patch for this issue. As a workaround, use the session implementation by adding in the iTop conf...