8 matches found

CVE | added 2025/02/25 8:15 p.m. | 58 views

CVE-2025-27139

Combodo iTop is a web-based IT service management tool. Versions prior to 2.7.12, 3.1.2, and 3.2.0 are vulnerable to cross-site scripting when the preferences page is opened. Versions 2.7.12, 3.1.2, and 3.2.0 fix the issue.

CVSS 6.8 | AI score 6.3 | EPSS 0.00029
CVE | added 2025/05/14 3:15 p.m. | 32 views

CVE-2025-24021

iTop is a web-based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account having portal access can set values on object fields when they're not supposed to. Versions 2.7.12, 3.1.3, and 3.2.1 contain a fix for the issue.

CVSS 5 | AI score 5.2 | EPSS 0.00039
CVE | added 2025/05/14 3:15 p.m. | 27 views

CVE-2025-24022

iTop is a web-based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, server code execution is possible through the frontend of iTop's portal. This is fixed in versions 2.7.12, 3.1.3 and 3.2.1.

CVSS 8.5 | AI score 7.6 | EPSS 0.00107
CVE | added 2025/05/14 3:15 p.m. | 26 views

CVE-2025-24026

iTop is a web-based IT Service Management tool. Versions prior to 3.2.1 are vulnerable to regular expression denial of service (ReDoS) that may, under some circumstances, affect the iTop server. Version 3.2.1 doesn't use the affected variable in the regular expression. As a workaround, if iTop app_roo...

CVSS 5.3 | AI score 5.3 | EPSS 0.00059
CVE | added 2025/05/14 3:15 p.m. | 25 views

CVE-2025-24785

iTop is a web-based IT Service Management tool. In version 3.2.0, an attacker may send a URL to the server to trigger a PHP error. The next user trying to load this dashboard would encounter a crashed start page. Version 3.2.1 fixes the issue by checking the provided layout_class before saving the...

CVSS 4.3 | AI score 4.6 | EPSS 0.00067
CVE | added 2025/05/14 4:15 p.m. | 24 views

CVE-2025-24969

iTop is a web-based IT Service Management tool. Prior to version 3.2.1, a portal user can see any other contact's picture by changing the picture ID in the URL. Version 3.2.1 contains a patch for the issue.

CVSS 5 | AI score 5.1 | EPSS 0.00037
CVE | added 2025/05/14 3:15 p.m. | 23 views

CVE-2024-52601

iTop is a web-based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account having portal access can have read access to objects they're not allowed to see by querying an unprotected route. Versions 2.7.12, 3.1.3, and 3.2.1 contain a fix for the issue.

CVSS 6.5 | AI score 6.3 | EPSS 0.00042
CVE | added 2025/05/14 3:15 p.m. | 23 views

CVE-2024-56157

iTop is a web-based IT Service Management tool. Prior to versions 3.1.3 and 3.2.1, by placing malicious code in CSV content, a cross-site scripting attack can be performed when that content is imported. The issue is fixed in versions 3.1.3 and 3.2.1. As a workaround, check CSV content before impor...

CVSS 6.3 | AI score 6 | EPSS 0.00044