731 matches found
CVE-2020-4079 Information disclosure vulnerability in iTop
Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 2.8.0, when the ajax endpoint for the "excel export" portal functionality is called directly it allows getting data without scope filtering. This allows a user to access data they which they should not have...
CVE-2020-4079
CVE-2020-4079 affects Combodo iTop prior to 2.7.2 and 2.8.0 where the ajax endpoint for the Excel export portal could be accessed directly, bypassing scope filtering and exposing data to users who should not have access. Root cause: missing access control on the Excel export data retrieval. Impac...
Combodo iTop 信息泄露漏洞
Combodo iTop is a French company Combodo ITIL-based development and for the daily operation of the IT environment of open source Web applications. The program provides incident management, configuration management and problem management. Combodo iTop 2.8.0 version of the previous security...
PT-2021-12113 · Comodo +1 · Itop +1
Name of the Vulnerable Software and Affected Versions: Combodo iTop versions prior to 2.7.2 Combodo iTop versions prior to 2.8.0 Description: The issue allows a user to access data they should not have access to by calling the ajax endpoint for the "excel export" portal functionality directly,...
Combodo iTop Information Disclosure Vulnerability (CNVD-2020-47569)
Combodo iTop is a French company Combodo ITIL-based development and for the daily operation of the IT environment of open source Web applications. The program provides incident management, configuration management and problem management functions. An information disclosure vulnerability exists in...
Combodo iTop Information Disclosure Vulnerability
Combodo iTop is a French company Combodo ITIL-based development and for the daily operation of the IT environment of open source Web applications. The program provides incident management, configuration management and problem management functions. An information disclosure vulnerability exists in...
CVE-2020-12777
A function in Combodo iTop contains a vulnerability of Broken Access Control, which allows unauthorized attacker to inject command and disclose system information...
CVE-2020-12780
A security misconfiguration exists in Combodo iTop, which can expose sensitive information...
CVE-2020-12781
Combodo iTop contains a cross-site request forgery CSRF vulnerability, attackers can execute specific commands via malicious site request forgery...
CVE-2020-12778
Combodo iTop does not validate inputted parameters, attackers can inject malicious commands and launch XSS attack...
CVE-2020-12779
Combodo iTop contains a stored Cross-site Scripting vulnerability, which can be attacked by uploading file with malicious script...
CVE-2020-12781
Combodo iTop contains a cross-site request forgery CSRF vulnerability, attackers can execute specific commands via malicious site request forgery...
CVE-2020-12777
A function in Combodo iTop contains a vulnerability of Broken Access Control, which allows unauthorized attacker to inject command and disclose system information...
CVE-2020-12778
Combodo iTop does not validate inputted parameters, attackers can inject malicious commands and launch XSS attack...
CVE-2020-12779
Combodo iTop contains a stored Cross-site Scripting vulnerability, which can be attacked by uploading file with malicious script...
CVE-2020-12780
A security misconfiguration exists in Combodo iTop, which can expose sensitive information...
Cross site scripting
Combodo iTop contains a stored Cross-site Scripting vulnerability, which can be attacked by uploading file with malicious script...
Information disclosure
A security misconfiguration exists in Combodo iTop, which can expose sensitive information...
Design/Logic Flaw
Combodo iTop does not validate inputted parameters, attackers can inject malicious commands and launch XSS attack...
Improper access control
A function in Combodo iTop contains a vulnerability of Broken Access Control, which allows unauthorized attacker to inject command and disclose system information...