Lucene search
+L

731 matches found

Cvelist
Cvelist
added 2021/01/12 7:20 p.m.20 views

CVE-2020-4079 Information disclosure vulnerability in iTop

Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 2.8.0, when the ajax endpoint for the "excel export" portal functionality is called directly it allows getting data without scope filtering. This allows a user to access data they which they should not have...

7.7CVSS7.5AI score0.00861EPSS
Exploits0References1
CVE
CVE
added 2021/01/12 7:20 p.m.47 views

CVE-2020-4079

CVE-2020-4079 affects Combodo iTop prior to 2.7.2 and 2.8.0 where the ajax endpoint for the Excel export portal could be accessed directly, bypassing scope filtering and exposing data to users who should not have access. Root cause: missing access control on the Excel export data retrieval. Impac...

7.7CVSS7.4AI score0.00861EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2021/01/12 12:0 a.m.9 views

Combodo iTop 信息泄露漏洞

Combodo iTop is a French company Combodo ITIL-based development and for the daily operation of the IT environment of open source Web applications. The program provides incident management, configuration management and problem management. Combodo iTop 2.8.0 version of the previous security...

7.7CVSS7.1AI score0.00861EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2021/01/12 12:0 a.m.13 views

PT-2021-12113 · Comodo +1 · Itop +1

Name of the Vulnerable Software and Affected Versions: Combodo iTop versions prior to 2.7.2 Combodo iTop versions prior to 2.8.0 Description: The issue allows a user to access data they should not have access to by calling the ajax endpoint for the "excel export" portal functionality directly,...

9.8CVSS7.1AI score0.25573EPSS
Exploits11References64
CNVD
CNVD
added 2020/08/11 12:0 a.m.6 views

Combodo iTop Information Disclosure Vulnerability (CNVD-2020-47569)

Combodo iTop is a French company Combodo ITIL-based development and for the daily operation of the IT environment of open source Web applications. The program provides incident management, configuration management and problem management functions. An information disclosure vulnerability exists in...

7.5CVSS6.3AI score0.0126EPSS
Exploits0References1
CNVD
CNVD
added 2020/08/11 12:0 a.m.2 views

Combodo iTop Information Disclosure Vulnerability

Combodo iTop is a French company Combodo ITIL-based development and for the daily operation of the IT environment of open source Web applications. The program provides incident management, configuration management and problem management functions. An information disclosure vulnerability exists in...

7.5CVSS6.1AI score0.01194EPSS
Exploits0References1
NVD
NVD
added 2020/08/10 3:15 a.m.11 views

CVE-2020-12777

A function in Combodo iTop contains a vulnerability of Broken Access Control, which allows unauthorized attacker to inject command and disclose system information...

7.5CVSS7.5AI score0.0126EPSS
Exploits0References2
NVD
NVD
added 2020/08/10 3:15 a.m.12 views

CVE-2020-12780

A security misconfiguration exists in Combodo iTop, which can expose sensitive information...

7.5CVSS7.5AI score0.01194EPSS
Exploits0References2
NVD
NVD
added 2020/08/10 3:15 a.m.17 views

CVE-2020-12781

Combodo iTop contains a cross-site request forgery CSRF vulnerability, attackers can execute specific commands via malicious site request forgery...

8.8CVSS6.7AI score0.00478EPSS
Exploits0References2
NVD
NVD
added 2020/08/10 3:15 a.m.12 views

CVE-2020-12778

Combodo iTop does not validate inputted parameters, attackers can inject malicious commands and launch XSS attack...

7.4CVSS7.3AI score0.00793EPSS
Exploits0References2
NVD
NVD
added 2020/08/10 3:15 a.m.18 views

CVE-2020-12779

Combodo iTop contains a stored Cross-site Scripting vulnerability, which can be attacked by uploading file with malicious script...

6.8CVSS6.4AI score0.0063EPSS
Exploits0References2
OSV
OSV
added 2020/08/10 3:15 a.m.9 views

CVE-2020-12781

Combodo iTop contains a cross-site request forgery CSRF vulnerability, attackers can execute specific commands via malicious site request forgery...

8.8CVSS7.3AI score
Exploits0References2
OSV
OSV
added 2020/08/10 3:15 a.m.12 views

CVE-2020-12777

A function in Combodo iTop contains a vulnerability of Broken Access Control, which allows unauthorized attacker to inject command and disclose system information...

7.5CVSS6.8AI score
Exploits0References2
OSV
OSV
added 2020/08/10 3:15 a.m.10 views

CVE-2020-12778

Combodo iTop does not validate inputted parameters, attackers can inject malicious commands and launch XSS attack...

6.1CVSS6.3AI score
Exploits0References2
OSV
OSV
added 2020/08/10 3:15 a.m.15 views

CVE-2020-12779

Combodo iTop contains a stored Cross-site Scripting vulnerability, which can be attacked by uploading file with malicious script...

5.4CVSS6.3AI score
Exploits0References2
OSV
OSV
added 2020/08/10 3:15 a.m.11 views

CVE-2020-12780

A security misconfiguration exists in Combodo iTop, which can expose sensitive information...

7.5CVSS6.8AI score
Exploits0References2
Prion
Prion
added 2020/08/10 3:15 a.m.14 views

Cross site scripting

Combodo iTop contains a stored Cross-site Scripting vulnerability, which can be attacked by uploading file with malicious script...

3.5CVSS5.3AI score0.0063EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2020/08/10 3:15 a.m.11 views

Information disclosure

A security misconfiguration exists in Combodo iTop, which can expose sensitive information...

5CVSS7.5AI score0.01194EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2020/08/10 3:15 a.m.10 views

Design/Logic Flaw

Combodo iTop does not validate inputted parameters, attackers can inject malicious commands and launch XSS attack...

4.3CVSS6.2AI score0.00793EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2020/08/10 3:15 a.m.15 views

Improper access control

A function in Combodo iTop contains a vulnerability of Broken Access Control, which allows unauthorized attacker to inject command and disclose system information...

5CVSS7.5AI score0.0126EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder