Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
CombodoItop

14 matches found

CVE
CVEadded 2024/11/05 6:15 p.m.71 views

CVE-2024-51739

Combodo iTop is a simple, web based IT Service Management tool. Unauthenticated user can perform users enumeration, which can make it easier to bruteforce a valid account. As a fix the sentence displayed after resetting password no longer shows if the user exists or not. This fix is included in ver...

7.5CVSS6.3AI score0.46896EPSS
CVE
CVEadded 2024/11/05 12:15 a.m.50 views

CVE-2023-34444

Combodo iTop is a simple, web based IT Service Management tool. When displaying pages/ajax.searchform.php XSS are possible for scripts outside of script tags. This issue has been fixed in versions 2.7.9, 3.0.4, 3.1.0. All users are advised to upgrade. There are no known workarounds for this vulnera...

8.8CVSS7.2AI score0.00191EPSS
CVE
CVEadded 2024/11/05 12:15 a.m.47 views

CVE-2024-32870

Combodo iTop is a simple, web based IT Service Management tool. Server, OS, DBMS, PHP, and iTop info (name, version and parameters) can be read by anyone having access to iTop URI. This issue has been patched in versions 2.7.11, 3.0.5, 3.1.2, and 3.2.0. Users are advised to upgrade. There are no kn...

5.8CVSS5.5AI score0.09011EPSS
CVE
CVEadded 2024/11/05 7:15 p.m.45 views

CVE-2024-51740

Combodo iTop is a simple, web based IT Service Management tool. This vulnerability can be used to create HTTP requests on behalf of the server, from a low privileged user. The user portal form manager has been fixed to only instantiate classes derived from it. This issue has been addressed in versi...

8.8CVSS4.9AI score0.00151EPSS
CVE
CVEadded 2024/11/05 12:15 a.m.44 views

CVE-2024-31998

Combodo iTop is a simple, web based IT Service Management tool. A CSRF can be performed on CSV import simulation. This issue has been fixed in versions 3.1.2 and 3.2.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.

8.8CVSS8.7AI score0.00102EPSS
CVE
CVEadded 2024/11/07 6:15 p.m.44 views

CVE-2024-51995

Combodo iTop is a web based IT Service Management tool. An attacker can request any route we want as long as we specify an operation that is allowed. This issue has been addressed in version 3.2.0 by applying the same access control pattern as in UI.php to the ajax.render.php page which does not al...

7.1CVSS7AI score0.00067EPSS
CVE
CVEadded 2024/11/05 12:15 a.m.42 views

CVE-2024-31448

Combodo iTop is a simple, web based IT Service Management tool. By filling malicious code in a CSV content, an Cross-site Scripting (XSS) attack can be performed when importing this content. This issue has been fixed in versions 3.1.2 and 3.2.0. All users are advised to upgrade. Users unable to upg...

8.8CVSS7AI score0.00191EPSS
CVE
CVEadded 2024/11/05 12:15 a.m.41 views

CVE-2023-34445

Combodo iTop is a simple, web based IT Service Management tool. When displaying pages/ajax.render.php XSS are possible for scripts outside of script tags. This issue has been fixed in versions 2.7.9, 3.0.4, 3.1.0. All users are advised to upgrade. There are no known workarounds for this vulnerabili...

8.8CVSS7.2AI score0.00191EPSS
CVE
CVEadded 2024/11/07 6:15 p.m.40 views

CVE-2024-51994

Combodo iTop is a web based IT Service Management tool. In affected versions uploading a text file containing some java script in the portal will trigger an Cross-site Scripting (XSS) vulnerability. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. There are no kn...

7.1CVSS6.6AI score0.00165EPSS
CVE
CVEadded 2024/11/08 11:15 p.m.40 views

CVE-2024-52000

Combodo iTop is a simple, web based IT Service Management tool. Affected versions are subject to a reflected Cross-site Scripting (XSS) exploit by way of editing a request's payload which can lead to malicious javascript execution. This issue has been addressed in version 3.2.0 via systematic escap...

8.1CVSS7.8AI score0.00256EPSS
CVE
CVEadded 2024/11/08 11:15 p.m.40 views

CVE-2024-52002

Combodo iTop is a simple, web based IT Service Management tool. Several url endpoints are subject to a Cross-Site Request Forgery (CSRF) vulnerability. Please refer to the linked GHSA for the complete list. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. There a...

8.8CVSS7.7AI score0.01574EPSS
CVE
CVEadded 2024/11/05 12:15 a.m.37 views

CVE-2023-34443

Combodo iTop is a simple, web based IT Service Management tool. When displaying page Run queries Cross-site Scripting (XSS) are possible for scripts outside of script tags. This has been fixed in versions 2.7.9, 3.0.4, 3.1.0. All users are advised to upgrade. There are no known workarounds for this...

8.8CVSS7AI score0.00098EPSS
CVE
CVEadded 2024/11/07 6:15 p.m.36 views

CVE-2024-51993

Combodo iTop is a web based IT Service Management tool. An attacker accessing a backup file or the database can read some passwords for misconfigured Users. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. Users unable to upgrade are advised to encrypt their back...

3.4CVSS3.9AI score0.00013EPSS
CVE
CVEadded 2024/11/08 11:15 p.m.36 views

CVE-2024-52001

Combodo iTop is a simple, web based IT Service Management tool. In affected versions portal users are able to access forbidden services information. This issue has been addressed in version 3.2.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.

4.3CVSS4.5AI score0.00074EPSS