Lucene search

CombodoItop

8 matches found

CVE
added 2022/04/05 7:15 p.m., 80 views

CVE-2022-24811

Combodo iTop is a web-based IT Service Management tool. Prior to versions 2.7.6 and 3.0.0, cross-site scripting is possible for scripts outside of script tags when displaying HTML attachments. This issue is fixed in versions 2.7.6 and 3.0.0. There are currently no known workarounds.

5.4 CVSS, 5.1 AI score, 0.00293 EPSS

CVE
added 2024/04/15 5:15 p.m., 50 views

CVE-2023-38511

iTop is an IT service management platform. The dashboard editor can load multiple files and URLs, and the full path of the dashboard config file is disclosed. This vulnerability is fixed in 3.0.4 and 3.1.1.

5 CVSS, 6.6 AI score, 0.00459 EPSS

CVE
added 2024/11/05 12:15 a.m., 47 views

CVE-2024-32870

Combodo iTop is a simple, web-based IT Service Management tool. Server, OS, DBMS, PHP, and iTop info (name, version and parameters) can be read by anyone with access to the iTop URI. This issue has been patched in versions 2.7.11, 3.0.5, 3.1.2, and 3.2.0. Users are advised to upgrade. There are no kn...

5.8 CVSS, 5.5 AI score, 0.09011 EPSS

CVE
added 2024/04/15 6:15 p.m., 46 views

CVE-2023-45808

iTop is an IT service management platform. When creating or updating an object, extkey values aren't checked to be in the current user's silo. In other words, by forging an HTTP request, the user can create objects pointing to out-of-silo objects (for example a UserRequest in an out of scope Organiza...

5.4 CVSS, 6.8 AI score, 0.00315 EPSS

CVE
added 2024/04/15 5:15 p.m., 37 views

CVE-2023-43790

iTop is an IT service management platform. By manipulating HTTP queries, a user can inject malicious content in the fields used for the object friendlyname value. This vulnerability is fixed in 3.1.1 and 3.2.0.

5.7 CVSS, 5.5 AI score, 0.0084 EPSS

CVE
added 2025/05/14 3:15 p.m., 32 views

CVE-2025-24021

iTop is a web-based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account having portal access can set values on object fields when they're not supposed to. Versions 2.7.12, 3.1.3, and 3.2.1 contain a fix for the issue.

5 CVSS, 5.2 AI score, 0.00039 EPSS

CVE
added 2025/05/14 3:15 p.m., 26 views

CVE-2025-24026

iTop is a web-based IT Service Management tool. Versions prior to 3.2.1 are vulnerable to regular expression denial of service (ReDoS) that may, under some circumstances, affect the iTop server. Version 3.2.1 doesn't use the affected variable in the regular expression. As a workaround, if iTop app_roo...

5.3 CVSS, 5.3 AI score, 0.00059 EPSS

CVE
added 2025/05/14 4:15 p.m., 24 views

CVE-2025-24969

iTop is a web-based IT Service Management tool. Prior to version 3.2.1, a portal user can see any other contact's picture by changing the picture ID in the URL. Version 3.2.1 contains a patch for the issue.

5 CVSS, 5.1 AI score, 0.00037 EPSS