Itop Security Vulnerabilities and Issues — Page 2 of Itop CVE List

Lucene search

CombodoItop

73 matches found

CVE•added 2024/11/05 12:15 a.m.•37 views

CVE-2023-34443

Combodo iTop is a simple, web based IT Service Management tool. When displaying page Run queries Cross-site Scripting (XSS) are possible for scripts outside of script tags. This has been fixed in versions 2.7.9, 3.0.4, 3.1.0. All users are advised to upgrade. There are no known workarounds for this...

8.8CVSS7AI score0.00088EPSS

CVE•added 2024/04/15 5:15 p.m.•37 views

CVE-2023-43790

iTop is an IT service management platform. By manipulating HTTP queries, a user can inject malicious content in the fields used for the object friendlyname value. This vulnerability is fixed in 3.1.1 and 3.2.0.

5.7CVSS5.5AI score0.0084EPSS

CVE•added 2024/11/07 6:15 p.m.•36 views

CVE-2024-51993

Combodo iTop is a web based IT Service Management tool. An attacker accessing a backup file or the database can read some passwords for misconfigured Users. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. Users unable to upgrade are advised to encrypt their back...

3.4CVSS3.9AI score0.00011EPSS

CVE•added 2024/11/08 11:15 p.m.•36 views

CVE-2024-52001

Combodo iTop is a simple, web based IT Service Management tool. In affected versions portal users are able to access forbidden services information. This issue has been addressed in version 3.2.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.

4.3CVSS4.5AI score0.00058EPSS

CVE•added 2021/07/21 3:15 p.m.•35 views

CVE-2021-21406

Combodo iTop is an open source, web based IT Service Management tool. In versions prior to 2.7.4, there is a command injection vulnerability in the Setup Wizard when providing Graphviz executable path. The vulnerability is patched in version 2.7.4 and 3.0.0.

8.8CVSS7.3AI score0.00575EPSS

CVE•added 2021/10/19 6:15 p.m.•35 views

CVE-2021-32663

iTop is an open source web based IT Service Management tool. In affected versions an attacker can call the system setup without authentication. Given specific parameters this can lead to SSRF. This issue has been resolved in versions 2.6.5 and 2.7.5 and later

8.7CVSS7.7AI score0.00316EPSS

CVE•added 2021/07/21 4:15 p.m.•32 views

CVE-2021-21407

Combodo iTop is an open source, web based IT Service Management tool. Prior to version 2.7.4, the CSRF token validation can be bypassed through iTop portal via a tricky browser procedure. The vulnerability is patched in version 2.7.4 and 3.0.0.

8CVSS6.7AI score0.00152EPSS

CVE•added 2023/11/09 6:15 a.m.•32 views

CVE-2023-47489

CSV injection in export as csv in Combodo iTop v.3.1.0-2-11973 allows a local attacker to execute arbitrary code via a crafted script to the export-v2.php and ajax.render.php components.

7.8CVSS7.8AI score0.00108EPSS

CVE•added 2025/05/14 3:15 p.m.•32 views

CVE-2025-24021

iTop is an web based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account having portal access can set value to object fields when they're not supposed to. Versions 2.7.12, 3.1.3, and 3.2.1 contain a fix for the issue.

5CVSS5.2AI score0.00039EPSS

CVE•added 2021/01/13 5:15 p.m.•31 views

CVE-2020-15219

Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, when a download error is triggered in the user portal, an SQL query is displayed to the user. This is fixed in versions 2.7.2 and 3.0.0.

4.3CVSS4.8AI score0.00199EPSS

CVE•added 2021/01/13 5:15 p.m.•31 views

CVE-2020-15221

Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, by modifying target browser local storage, an XSS can be generated in the iTop console breadcrumb. This is fixed in versions 2.7.2 and 3.0.0.

6.8CVSS5.3AI score0.00282EPSS

CVE•added 2021/01/12 8:15 p.m.•31 views

CVE-2020-4079

Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 2.8.0, when the ajax endpoint for the "excel export" portal functionality is called directly it allows getting data without scope filtering. This allows a user to access data they which they should not have ac...

7.7CVSS7.4AI score0.00288EPSS

CVE•added 2021/10/19 6:15 p.m.•30 views

CVE-2021-32664

Combodo iTop is an open source web based IT Service Management tool. In affected versions there is a XSS vulnerability on "run query" page when logged as administrator. This has been resolved in versions 2.6.5 and 2.7.5.

8.1CVSS5.3AI score0.00423EPSS

CVE•added 2021/01/13 5:15 p.m.•27 views

CVE-2020-15220

Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, two cookies are created for the same session, which leads to a possibility to steal user session. This is fixed in versions 2.7.2 and 3.0.0.

6.1CVSS6.1AI score0.002EPSS

CVE•added 2025/05/14 3:15 p.m.•27 views

CVE-2025-24022

iTop is an web based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, server code execution is possible through the frontend of iTop's portal. This is fixed in versions 2.7.12, 3.1.3 and 3.2.1.

8.5CVSS7.6AI score0.00107EPSS

CVE•added 2023/11/09 6:15 a.m.•26 views

CVE-2023-47488

Cross Site Scripting vulnerability in Combodo iTop v.3.1.0-2-11973 allows a local attacker to obtain sensitive information via a crafted script to the attrib_manager_id parameter in the General Information page and the id parameter in the contact page.

6.1CVSS5.7AI score0.03891EPSS

CVE•added 2025/05/14 3:15 p.m.•26 views

CVE-2025-24026

iTop is an web based IT Service Management tool. Versions prior to 3.2.1 are vulnerable to regular expression denial of service (ReDoS) that may, under some circumstances, affect iTop server. Version 3.2.1 doesn't use the affected variable in the regular expression. As a workaround, if iTop app_roo...

5.3CVSS5.3AI score0.00059EPSS

CVE•added 2021/01/13 5:15 p.m.•25 views

CVE-2020-15218

Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, admin pages are cached, so that their content is visible after deconnection by using the browser back button. This is fixed in versions 2.7.2 and 3.0.0.

6.8CVSS6.5AI score0.0023EPSS

CVE•added 2023/10/25 6:17 p.m.•25 views

CVE-2023-34446

iTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, when displaying pages/preferences.php, cross site scripting is possible. This issue is fixed in versions 3.0.4 and 3.1.0.

8.8CVSS6.9AI score0.0078EPSS

CVE•added 2025/05/14 3:15 p.m.•25 views

CVE-2025-24785

iTop is an web based IT Service Management tool. In version 3.2.0, an attacker may send a URL to the server to trigger a PHP error. The next user trying to load this dashboard would encounter a crashed start page. Version 3.2.1 fixes the issue by checking the provided layout_class before saving the...

4.3CVSS4.6AI score0.00067EPSS

CVE•added 2025/05/14 4:15 p.m.•24 views

CVE-2025-24969

iTop is an web based IT Service Management tool. Prior to version 3.2.1, a portal user can see any other contacts picture by changing the picture ID in the URL. Version 3.2.1 contains a patch for the issue.

5CVSS5.1AI score0.00037EPSS

CVE•added 2025/05/14 3:15 p.m.•23 views

CVE-2024-52601

iTop is an web based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account having portal access can have read access to objects they're not allowed to see by querying an unprotected route. Versions 2.7.12, 3.1.3, and 3.2.1 contain a fix for the issue.

6.5CVSS6.3AI score0.00042EPSS

CVE•added 2025/05/14 3:15 p.m.•23 views

CVE-2024-56157

iTop is an web based IT Service Management tool. Prior to versions 3.1.3 and 3.2.1, by filling malicious code in a CSV content, a cross-site scripting attack can be performed when importing this content. The issue is fixed in versions 3.1.3 and 3.2.1. As a workaround, check CSV content before impor...

6.3CVSS6AI score0.00044EPSS

Total number of security vulnerabilities73