Lucene search
K

6 matches found

Vulnrichment
Vulnrichment
added 2025/05/14 3:11 p.m.12 views

CVE-2025-24969 iTop portal user can see any other contact's picture

iTop is an web based IT Service Management tool. Prior to version 3.2.1, a portal user can see any other contacts picture by changing the picture ID in the URL. Version 3.2.1 contains a patch for the issue...

5CVSS6.9AI score0.00229EPSS
Exploits0References1
CVE
CVE
added 2025/05/14 3:11 p.m.52 views

CVE-2025-24969

CVE-2025-24969 affects iTop, a web-based IT service management tool. The vulnerability is present in versions prior to 3.2.1, where a portal user can view other contacts’ pictures by changing the picture ID in the URL. Version 3.2.1 includes a patch for this issue. The documented impact is privac...

5CVSS5.1AI score0.00229EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/05/14 3:11 p.m.22 views

CVE-2025-24969 iTop portal user can see any other contact's picture

iTop is an web based IT Service Management tool. Prior to version 3.2.1, a portal user can see any other contacts picture by changing the picture ID in the URL. Version 3.2.1 contains a patch for the issue...

5CVSS0.00229EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/14 2:39 p.m.18 views

CVE-2024-52601 iTop portal Insecure Direct Object Reference vulnerability

iTop is an web based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account having portal access can have read access to objects they're not allowed to see by querying an unprotected route. Versions 2.7.12, 3.1.3, and 3.2.1 contain a fix for the issue...

6.5CVSS0.00285EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/14 2:39 p.m.12 views

CVE-2024-52601 iTop portal Insecure Direct Object Reference vulnerability

iTop is an web based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account having portal access can have read access to objects they're not allowed to see by querying an unprotected route. Versions 2.7.12, 3.1.3, and 3.2.1 contain a fix for the issue...

6.5CVSS6.3AI score0.00285EPSS
Exploits0References1
CVE
CVE
added 2025/05/14 2:39 p.m.49 views

CVE-2024-52601

CVE-2024-52601 – iTop portal exposure is a read-access flaw in the web-based IT Service Management tool iTop. Prior to versions 2.7.12, 3.1.3, and 3.2.1, accounts with portal access could read objects they are not permitted to see by querying an unprotected route (Insecure Direct Object Reference...

6.5CVSS6.3AI score0.00285EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder