11 matches found
CVE-2024-52601
iTop is a web-based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account having portal access can have read access to objects they're not allowed to see by querying an unprotected route. Versions 2.7.12, 3.1.3, and 3.2.1 contain a fix for the issue...
CVE-2025-24026
iTop is a web-based IT Service Management tool. Versions prior to 3.2.1 are vulnerable to regular expression denial of service (ReDoS) that may, under some circumstances, affect the iTop server. Version 3.2.1 doesn't use the affected variable in the regular expression. As a workaround, if iTop...
CVE-2025-24026 iTop Inefficient Regular Expression Complexity vulnerability
iTop is a web-based IT Service Management tool. Versions prior to 3.2.1 are vulnerable to regular expression denial of service (ReDoS) that may, under some circumstances, affect the iTop server. Version 3.2.1 doesn't use the affected variable in the regular expression. As a workaround, if iTop...
CVE-2025-24021 iTop doesn't have mass assignment of fields in the portal form
iTop is a web-based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account having portal access can set values on object fields when they're not supposed to. Versions 2.7.12, 3.1.3, and 3.2.1 contain a fix for the issue...
CVE-2024-52601 iTop portal Insecure Direct Object Reference vulnerability
iTop is a web-based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account having portal access can have read access to objects they're not allowed to see by querying an unprotected route. Versions 2.7.12, 3.1.3, and 3.2.1 contain a fix for the issue...
PT-2025-21173 · Itop · Itop
Name of the Vulnerable Software and Affected Versions: iTop version 3.2.0 Description: The issue allows an attacker to send a URL to the server, triggering a PHP error. This error causes the start page to crash for the next user attempting to load the dashboard. Recommendations: For version 3.2.0...
PT-2025-21171 · Itop · Itop
Name of the Vulnerable Software and Affected Versions: iTop versions prior to 2.7.12; iTop versions 3.0.0 through 3.1.3; iTop versions 3.2.0 through 3.2.1. Description: iTop is a web-based IT Service Management tool. Server code execution is possible through the frontend of iTop's portal. This issue...
PT-2025-21172 · Itop · Itop
Name of the Vulnerable Software and Affected Versions: iTop versions prior to 3.2.1. Description: The issue is related to a regular expression denial of service (ReDoS) that may affect the iTop server under certain circumstances. The problem arises from the use of an affected variable in a regular...
PT-2025-21168 · Itop · Itop
Name of the Vulnerable Software and Affected Versions: iTop versions prior to 2.7.12; iTop versions prior to 3.1.3; iTop versions prior to 3.2.1. Description: The issue affects iTop, a web-based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account having...
CVE-2022-31402
iTop v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/webservices/export-v2.php...
iTop Remote Command Execution Exploit
#!/usr/bin/env ruby Exploit Title: iTop p...