3 matches found
CVE-2020-4079
Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 2.8.0, when the ajax endpoint for the "excel export" portal functionality is called directly it allows getting data without scope filtering. This allows a user to access data they which they should not have...
CVE-2020-4079 Information disclosure vulnerability in iTop
Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 2.8.0, when the ajax endpoint for the "excel export" portal functionality is called directly it allows getting data without scope filtering. This allows a user to access data they which they should not have...
CVE-2020-4079
CVE-2020-4079 affects Combodo iTop prior to 2.7.2 and 2.8.0 where the ajax endpoint for the Excel export portal could be accessed directly, bypassing scope filtering and exposing data to users who should not have access. Root cause: missing access control on the Excel export data retrieval. Impac...