Itop@3.0.0 Security Vulnerabilities and Issues — Itop@3.0.0 CVE List

Lucene search

CombodoItop3.0.0

4 matches found

CVE•added 2025/02/25 8:15 p.m.•60 views

CVE-2025-27139

Combodo iTop is a web based IT service management tool. Versions prior to 2.7.12, 3.1.2, and 3.2.0 are vulnerable to cross-site scripting when the preferences page is opened. Versions 2.7.12, 3.1.2, and 3.2.0 fix the issue.

6.8CVSS6.3AI score0.00058EPSS

CVE•added 2025/05/14 3:15 p.m.•42 views

CVE-2025-24021

iTop is an web based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account having portal access can set value to object fields when they're not supposed to. Versions 2.7.12, 3.1.3, and 3.2.1 contain a fix for the issue.

5CVSS5.2AI score0.00051EPSS

CVE•added 2025/05/14 3:15 p.m.•38 views

CVE-2025-24022

iTop is an web based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, server code execution is possible through the frontend of iTop's portal. This is fixed in versions 2.7.12, 3.1.3 and 3.2.1.

8.5CVSS7.6AI score0.00143EPSS

CVE•added 2025/05/14 3:15 p.m.•32 views

CVE-2024-52601

iTop is an web based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account having portal access can have read access to objects they're not allowed to see by querying an unprotected route. Versions 2.7.12, 3.1.3, and 3.2.1 contain a fix for the issue.

6.5CVSS6.3AI score0.00054EPSS