Lucene search

CombodoItop

11 matches found

CVE, added 2020/02/14 10:15 p.m., 114 views

CVE-2019-13967

iTop 2.2.0 through 2.6.0 allows remote attackers to cause a denial of service (application outage) via many requests to launch a compile operation. The requests use the pages/exec.php?exec_env=production&exec_module=itop-hub-connector&exec_page=ajax.php&operation=compile URI. This only affects the ...

7.5 CVSS, 7.4 AI score, 0.00716 EPSS

CVE, added 2024/11/05 6:15 p.m., 71 views

CVE-2024-51739

Combodo iTop is a simple, web based IT Service Management tool. An unauthenticated user can perform user enumeration, which can make it easier to brute-force a valid account. As a fix, the sentence displayed after resetting a password no longer shows if the user exists or not. This fix is included in ver...

7.5 CVSS, 6.3 AI score, 0.46896 EPSS

CVE, added 2020/08/10 3:15 a.m., 53 views

CVE-2020-12777

A function in Combodo iTop contains a Broken Access Control vulnerability, which allows an unauthorized attacker to inject commands and disclose system information.

7.5 CVSS, 7.5 AI score, 0.00316 EPSS

CVE, added 2021/07/21 9:15 p.m., 52 views

CVE-2021-32775

Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.4, a non-admin user can get access to many class/field values through the GroupBy Dashlet error message. This issue is fixed in versions 2.7.4 and 3.0.0.

7.7 CVSS, 6.3 AI score, 0.00288 EPSS

CVE, added 2020/08/10 3:15 a.m., 47 views

CVE-2020-12780

A security misconfiguration exists in Combodo iTop, which can expose sensitive information.

7.5 CVSS, 7.5 AI score, 0.0028 EPSS

CVE, added 2020/08/10 3:15 a.m., 44 views

CVE-2020-12778

Combodo iTop does not validate input parameters; attackers can inject malicious commands and launch XSS attacks.

7.4 CVSS, 6.4 AI score, 0.00311 EPSS

CVE, added 2024/11/07 6:15 p.m., 44 views

CVE-2024-51995

Combodo iTop is a web based IT Service Management tool. An attacker can request any route they want as long as they specify an operation that is allowed. This issue has been addressed in version 3.2.0 by applying the same access control pattern as in UI.php to the ajax.render.php page which does not al...

7.1 CVSS, 7 AI score, 0.00068 EPSS

CVE, added 2024/11/07 6:15 p.m., 40 views

CVE-2024-51994

Combodo iTop is a web based IT Service Management tool. In affected versions, uploading a text file containing some JavaScript in the portal will trigger a Cross-site Scripting (XSS) vulnerability. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. There are no kn...

7.1 CVSS, 6.6 AI score, 0.00184 EPSS

CVE, added 2018/05/02 7:29 a.m., 39 views

CVE-2018-10642

Command injection vulnerability in Combodo iTop 2.4.1 allows remote authenticated administrators to execute arbitrary commands by changing the platform configuration, because web/env-production/itop-config/config.php contains a function called TestConfig() that calls the vulnerable function eval().

7.2 CVSS, 6.7 AI score, 0.03996 EPSS

CVE, added 2023/11/09 6:15 a.m., 32 views

CVE-2023-47489

CSV injection in export as csv in Combodo iTop v.3.1.0-2-11973 allows a local attacker to execute arbitrary code via a crafted script to the export-v2.php and ajax.render.php components.

7.8 CVSS, 7.8 AI score, 0.00108 EPSS

CVE, added 2021/01/12 8:15 p.m., 31 views

CVE-2020-4079

Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 2.8.0, when the ajax endpoint for the "excel export" portal functionality is called directly, it allows getting data without scope filtering. This allows a user to access data which they should not have ac...

7.7 CVSS, 7.4 AI score, 0.00288 EPSS