6 matches found
CVE-2025-24969 iTop portal user can see any other contact's picture
iTop is an web based IT Service Management tool. Prior to version 3.2.1, a portal user can see any other contacts picture by changing the picture ID in the URL. Version 3.2.1 contains a patch for the issue...
CVE-2025-24969
CVE-2025-24969 affects iTop, a web-based IT service management tool. The vulnerability is present in versions prior to 3.2.1, where a portal user can view other contacts’ pictures by changing the picture ID in the URL. Version 3.2.1 includes a patch for this issue. The documented impact is privac...
CVE-2025-24969 iTop portal user can see any other contact's picture
iTop is an web based IT Service Management tool. Prior to version 3.2.1, a portal user can see any other contacts picture by changing the picture ID in the URL. Version 3.2.1 contains a patch for the issue...
CVE-2024-52601 iTop portal Insecure Direct Object Reference vulnerability
iTop is an web based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account having portal access can have read access to objects they're not allowed to see by querying an unprotected route. Versions 2.7.12, 3.1.3, and 3.2.1 contain a fix for the issue...
CVE-2024-52601 iTop portal Insecure Direct Object Reference vulnerability
iTop is an web based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account having portal access can have read access to objects they're not allowed to see by querying an unprotected route. Versions 2.7.12, 3.1.3, and 3.2.1 contain a fix for the issue...
CVE-2024-52601
CVE-2024-52601 – iTop portal exposure is a read-access flaw in the web-based IT Service Management tool iTop. Prior to versions 2.7.12, 3.1.3, and 3.2.1, accounts with portal access could read objects they are not permitted to see by querying an unprotected route (Insecure Direct Object Reference...