Itop@* Security Vulnerabilities and Issues — Itop@* CVE List

Lucene search

CombodoItop*

8 matches found

CVE•added 2025/02/25 8:15 p.m.•58 views

CVE-2025-27139

Combodo iTop is a web based IT service management tool. Versions prior to 2.7.12, 3.1.2, and 3.2.0 are vulnerable to cross-site scripting when the preferences page is opened. Versions 2.7.12, 3.1.2, and 3.2.0 fix the issue.

6.8CVSS6.3AI score0.00029EPSS

CVE•added 2025/05/14 3:15 p.m.•32 views

CVE-2025-24021

iTop is an web based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account having portal access can set value to object fields when they're not supposed to. Versions 2.7.12, 3.1.3, and 3.2.1 contain a fix for the issue.

5CVSS5.2AI score0.00039EPSS

CVE•added 2025/05/14 3:15 p.m.•27 views

CVE-2025-24022

iTop is an web based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, server code execution is possible through the frontend of iTop's portal. This is fixed in versions 2.7.12, 3.1.3 and 3.2.1.

8.5CVSS7.6AI score0.00107EPSS

CVE•added 2025/05/14 3:15 p.m.•26 views

CVE-2025-24026

iTop is an web based IT Service Management tool. Versions prior to 3.2.1 are vulnerable to regular expression denial of service (ReDoS) that may, under some circumstances, affect iTop server. Version 3.2.1 doesn't use the affected variable in the regular expression. As a workaround, if iTop app_roo...

5.3CVSS5.3AI score0.00059EPSS

CVE•added 2025/05/14 3:15 p.m.•25 views

CVE-2025-24785

iTop is an web based IT Service Management tool. In version 3.2.0, an attacker may send a URL to the server to trigger a PHP error. The next user trying to load this dashboard would encounter a crashed start page. Version 3.2.1 fixes the issue by checking the provided layout_class before saving the...

4.3CVSS4.6AI score0.00067EPSS

CVE•added 2025/05/14 4:15 p.m.•24 views

CVE-2025-24969

iTop is an web based IT Service Management tool. Prior to version 3.2.1, a portal user can see any other contacts picture by changing the picture ID in the URL. Version 3.2.1 contains a patch for the issue.

5CVSS5.1AI score0.00037EPSS

CVE•added 2025/05/14 3:15 p.m.•23 views

CVE-2024-52601

iTop is an web based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account having portal access can have read access to objects they're not allowed to see by querying an unprotected route. Versions 2.7.12, 3.1.3, and 3.2.1 contain a fix for the issue.

6.5CVSS6.3AI score0.00042EPSS

CVE•added 2025/05/14 3:15 p.m.•23 views

CVE-2024-56157

iTop is an web based IT Service Management tool. Prior to versions 3.1.3 and 3.2.1, by filling malicious code in a CSV content, a cross-site scripting attack can be performed when importing this content. The issue is fixed in versions 3.1.3 and 3.2.1. As a workaround, check CSV content before impor...

6.3CVSS6AI score0.00044EPSS