Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
combodo itop 3.0.0 vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2020-15218
Combodo iTop is a web based IT Service Management tool. In iTop prior to 2.7.2 and 3.0.0, admin pages are cached, so that their content is visible after deconnection by using the browser back button. This is fixed in versions 2.7.2 and 3.0.0.
Combodo Itop
Combodo Itop 3.0.0
356
VMScore
CVE-2020-15219
Combodo iTop is a web based IT Service Management tool. In iTop prior to 2.7.2 and 3.0.0, when a download error is triggered in the user portal, an SQL query is displayed to the user. This is fixed in versions 2.7.2 and 3.0.0.
Combodo Itop
Combodo Itop 3.0.0
312
VMScore
CVE-2022-24870
Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta releases before 3.0.0 beta3 a malicious script can be injected in tooltips using iTop customization mechanism. This provides a stored cross site scripting attack vector to authorized users of the system. Users ...
Combodo Itop 3.0.0
578
VMScore
CVE-2021-21406
Combodo iTop is an open source, web based IT Service Management tool. In versions before 2.7.4, there is a command injection vulnerability in the Setup Wizard when providing Graphviz executable path. The vulnerability is patched in version 2.7.4 and 3.0.0.
Combodo Itop
Combodo Itop 2.7.5
Combodo Itop 2.7.5-1
356
VMScore
CVE-2020-4079
Combodo iTop is a web based IT Service Management tool. In iTop prior to 2.7.2 and 2.8.0, when the ajax endpoint for the "excel export" portal functionality is called directly it allows getting data without scope filtering. This allows a user to access data they which t...
Combodo Itop
Combodo Itop 2.7.3
312
VMScore
CVE-2022-24811
Combodi iTop is a web based IT Service Management tool. Prior to versions 2.7.6 and 3.0.0, cross-site scripting is possible for scripts outside of script tags when displaying HTML attachments. This issue is fixed in versions 2.7.6 and 3.0.0. There are currently no known workaroun...
Combodo Itop
516
VMScore
CVE-2021-41245
Combodo iTop is a web based IT Service Management tool. In versions before 2.7.6 and 3.0.0, CSRF tokens generated by `privUITransactionFile` aren't properly checked. Versions 2.7.6 and 3.0.0 contain a patch for this issue. As a workaround, use the session implementation by a...
Combodo Itop
383
VMScore
CVE-2021-21407
Combodo iTop is an open source, web based IT Service Management tool. Prior to version 2.7.4, the CSRF token validation can be bypassed through iTop portal via a tricky browser procedure. The vulnerability is patched in version 2.7.4 and 3.0.0.
Combodo Itop
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4654
CVE-2023-49606
encryption
NULL pointer dereference
CVE-2024-4439
CVE-2024-4649
race condition
CVE-2024-27202
CVE-2024-34566
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2