Itop Security Vulnerabilities and Issues — Itop CVE List

Lucene search

CombodoItop

9 matches found

CVE•added 2024/04/15 5:15 p.m.•50 views

CVE-2023-38511

iTop is an IT service management platform. Dashboard editor : can load multiple files and URL, and full path disclosure on dashboard config file. This vulnerability is fixed in 3.0.4 and 3.1.1.

5CVSS6.6AI score0.00459EPSS

CVE•added 2024/04/15 6:15 p.m.•49 views

CVE-2023-48710

iTop is an IT service management platform. Files from the env-production folder can be retrieved even though they should have restricted access. Hopefully, there is no sensitive files stored in that folder natively, but there could be from a third-party module.The pages/exec.php script as been fixe...

9.8CVSS9.2AI score0.00411EPSS

CVE•added 2024/04/15 6:15 p.m.•46 views

CVE-2023-45808

iTop is an IT service management platform. When creating or updating an object, extkey values aren't checked to be in the current user silo. In other words, by forging an http request, the user can create objects pointing to out of silo objects (for example a UserRequest in an out of scope Organiza...

5.4CVSS6.8AI score0.00315EPSS

CVE•added 2024/04/15 6:15 p.m.•45 views

CVE-2023-47626

iTop is an IT service management platform. When displaying/editing the user's personal tokens, XSS attacks are possible. This vulnerability is fixed in 3.1.1.

8.8CVSS5.9AI score0.00687EPSS

CVE•added 2024/04/15 6:15 p.m.•43 views

CVE-2023-48709

iTop is an IT service management platform. When exporting data from backoffice or portal in CSV or Excel files, users' inputs may include malicious formulas that may be imported into Excel. As Excel 2016 does not prevent Remote Code Execution by default, uninformed users may become victims. This vu...

8CVSS8AI score0.03312EPSS

CVE•added 2024/04/15 6:15 p.m.•39 views

CVE-2023-47123

iTop is an IT service management platform. By filling malicious code in an object friendlyname / complementary name, an XSS attack can be performed when this object will displayed as an n:n relation item in another object. This vulnerability is fixed in 3.1.1 and 3.2.0.

8.7CVSS6.1AI score0.00533EPSS

CVE•added 2024/04/15 6:15 p.m.•39 views

CVE-2023-47622

iTop is an IT service management platform. When dashlet are refreshed, XSS attacks are possible. This vulnerability is fixed in 3.0.4 and 3.1.1.

8.8CVSS5.9AI score0.00526EPSS

CVE•added 2024/04/15 6:15 p.m.•38 views

CVE-2023-44396

iTop is an IT service management platform. Dashlet edits ajax endpoints can be used to produce XSS. Fixed in iTop 2.7.10, 3.0.4, and 3.1.1.

6.8CVSS6.5AI score0.00936EPSS

CVE•added 2024/04/15 5:15 p.m.•37 views

CVE-2023-43790

iTop is an IT service management platform. By manipulating HTTP queries, a user can inject malicious content in the fields used for the object friendlyname value. This vulnerability is fixed in 3.1.1 and 3.2.0.

5.7CVSS5.5AI score0.0084EPSS