Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
combodo itop 3.0.0 vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2020-12781
Combodo iTop contains a cross-site request forgery (CSRF) vulnerability, attackers can execute specific commands via malicious site request forgery.
Combodo Itop 3.0.0
Combodo Itop
4
CVSSv2
CVE-2020-15219
Combodo iTop is a web based IT Service Management tool. In iTop prior to 2.7.2 and 3.0.0, when a download error is triggered in the user portal, an SQL query is displayed to the user. This is fixed in versions 2.7.2 and 3.0.0.
Combodo Itop
Combodo Itop 3.0.0
5.8
CVSSv2
CVE-2020-15220
Combodo iTop is a web based IT Service Management tool. In iTop prior to 2.7.2 and 3.0.0, two cookies are created for the same session, which leads to a possibility to steal user session. This is fixed in versions 2.7.2 and 3.0.0.
Combodo Itop
Combodo Itop 3.0.0
4.3
CVSSv2
CVE-2021-41162
Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta releases prior to beta6 the `ajax.render.php?operation=wizard_helper` page did not properly escape the user supplied parameters, allowing for a cross site scripting attack vector. Users are advised to upgrade. ...
Combodo Itop 3.0.0
Combodo Itop
6.5
CVSSv2
CVE-2022-24780
Combodo iTop is a web based IT Service Management tool. In versions before 2.7.6 and 3.0.0, users of the iTop user portal can send TWIG code to the server by forging specific http queries, and execute arbitrary code on the server using http server user privileges. This issue is f...
Combodo Itop 3.0.0
Combodo Itop
1 Github repository
5
CVSSv2
CVE-2020-12777
A function in Combodo iTop contains a vulnerability of Broken Access Control, which allows unauthorized malicious user to inject command and disclose system information.
Combodo Itop 3.0.0
Combodo Itop
4.3
CVSSv2
CVE-2020-12778
Combodo iTop does not validate inputted parameters, attackers can inject malicious commands and launch XSS attack.
Combodo Itop 3.0.0
Combodo Itop
4
CVSSv2
CVE-2021-32775
Combodo iTop is a web based IT Service Management tool. In versions before 2.7.4, a non admin user can get access to many class/field values through GroupBy Dashlet error message. This issue is fixed in versions 2.7.4 and 3.0.0.
Combodo Itop
Combodo Itop 3.0.0
6.8
CVSSv2
CVE-2021-32776
Combodo iTop is a web based IT Service Management tool. In versions before 2.7.4, CSRF tokens can be reused by a malicious user, as on Windows servers no cleanup is done on CSRF tokens. This issue is fixed in versions 2.7.4 and 3.0.0.
Combodo Itop
Combodo Itop 3.0.0
3.5
CVSSv2
CVE-2020-15218
Combodo iTop is a web based IT Service Management tool. In iTop prior to 2.7.2 and 3.0.0, admin pages are cached, so that their content is visible after deconnection by using the browser back button. This is fixed in versions 2.7.2 and 3.0.0.
Combodo Itop
Combodo Itop 3.0.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
administrator privileges
CVE-2024-1579
hardcoded
CVE-2023-20198
CVE-2024-33587
CVE-2024-33449
CVE-2024-4308
HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »