Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
combodo itop vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2021-21407
Combodo iTop is an open source, web based IT Service Management tool. Prior to version 2.7.4, the CSRF token validation can be bypassed through iTop portal via a tricky browser procedure. The vulnerability is patched in version 2.7.4 and 3.0.0.
Combodo Itop
5.4
CVSSv3
CVE-2022-24811
Combodi iTop is a web based IT Service Management tool. Prior to versions 2.7.6 and 3.0.0, cross-site scripting is possible for scripts outside of script tags when displaying HTML attachments. This issue is fixed in versions 2.7.6 and 3.0.0. There are currently no known workaroun...
Combodo Itop
7.2
CVSSv3
CVE-2018-10642
Command injection vulnerability in Combodo iTop 2.4.1 allows remote authenticated administrators to execute arbitrary commands by changing the platform configuration, because web/env-production/itop-config/config.php contains a function called TestConfig() that calls the vulnerab...
Combodo Itop
7.5
CVSSv3
CVE-2021-32663
iTop is an open source web based IT Service Management tool. In affected versions an attacker can call the system setup without authentication. Given specific parameters this can lead to SSRF. This issue has been resolved in versions 2.6.5 and 2.7.5 and later
Combodo Itop
8.1
CVSSv3
CVE-2021-41245
Combodo iTop is a web based IT Service Management tool. In versions before 2.7.6 and 3.0.0, CSRF tokens generated by `privUITransactionFile` aren't properly checked. Versions 2.7.6 and 3.0.0 contain a patch for this issue. As a workaround, use the session implementation by a...
Combodo Itop
6.1
CVSSv3
CVE-2023-34446
iTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, when displaying `pages/preferences.php`, cross site scripting is possible. This issue is fixed in versions 3.0.4 and 3.1.0.
Combodo Itop 3.0.3
6.1
CVSSv3
CVE-2022-31402
ITOP v3.0.1 exists to contain a cross-site scripting (XSS) vulnerability via /itop/webservices/export-v2.php.
Combodo Itop 3.0.1
6.1
CVSSv3
CVE-2022-31403
ITOP v3.0.1 exists to contain a cross-site scripting (XSS) vulnerability via /itop/pages/ajax.render.php.
Combodo Itop 3.0.1
5.4
CVSSv3
CVE-2022-24870
Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta releases before 3.0.0 beta3 a malicious script can be injected in tooltips using iTop customization mechanism. This provides a stored cross site scripting attack vector to authorized users of the system. Users ...
Combodo Itop 3.0.0
6.1
CVSSv3
CVE-2023-47488
Cross Site Scripting vulnerability in Combodo iTop v.3.1.0-2-11973 allows a local malicious user to obtain sensitive information via a crafted script to the attrib_manager_id parameter in the General Information page and the id parameter in the contact page.
Combodo Itop 3.1.0-2-11973
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »