Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
combodo itop 3.0.0 vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2022-24780
Combodo iTop is a web based IT Service Management tool. In versions before 2.7.6 and 3.0.0, users of the iTop user portal can send TWIG code to the server by forging specific http queries, and execute arbitrary code on the server using http server user privileges. This issue is f...
Combodo Itop 3.0.0
Combodo Itop
1 Github repository
7.5
CVSSv3
CVE-2020-12777
A function in Combodo iTop contains a vulnerability of Broken Access Control, which allows unauthorized malicious user to inject command and disclose system information.
Combodo Itop 3.0.0
Combodo Itop
6.5
CVSSv3
CVE-2021-32775
Combodo iTop is a web based IT Service Management tool. In versions before 2.7.4, a non admin user can get access to many class/field values through GroupBy Dashlet error message. This issue is fixed in versions 2.7.4 and 3.0.0.
Combodo Itop
Combodo Itop 3.0.0
6.8
CVSSv3
CVE-2020-15218
Combodo iTop is a web based IT Service Management tool. In iTop prior to 2.7.2 and 3.0.0, admin pages are cached, so that their content is visible after deconnection by using the browser back button. This is fixed in versions 2.7.2 and 3.0.0.
Combodo Itop
Combodo Itop 3.0.0
5.4
CVSSv3
CVE-2020-15221
Combodo iTop is a web based IT Service Management tool. In iTop prior to 2.7.2 and 3.0.0, by modifying target browser local storage, an XSS can be generated in the iTop console breadcrumb. This is fixed in versions 2.7.2 and 3.0.0.
Combodo Itop
Combodo Itop 3.0.0
4.3
CVSSv3
CVE-2020-15219
Combodo iTop is a web based IT Service Management tool. In iTop prior to 2.7.2 and 3.0.0, when a download error is triggered in the user portal, an SQL query is displayed to the user. This is fixed in versions 2.7.2 and 3.0.0.
Combodo Itop
Combodo Itop 3.0.0
6.1
CVSSv3
CVE-2020-15220
Combodo iTop is a web based IT Service Management tool. In iTop prior to 2.7.2 and 3.0.0, two cookies are created for the same session, which leads to a possibility to steal user session. This is fixed in versions 2.7.2 and 3.0.0.
Combodo Itop
Combodo Itop 3.0.0
8.8
CVSSv3
CVE-2021-32776
Combodo iTop is a web based IT Service Management tool. In versions before 2.7.4, CSRF tokens can be reused by a malicious user, as on Windows servers no cleanup is done on CSRF tokens. This issue is fixed in versions 2.7.4 and 3.0.0.
Combodo Itop
Combodo Itop 3.0.0
8.8
CVSSv3
CVE-2020-12781
Combodo iTop contains a cross-site request forgery (CSRF) vulnerability, attackers can execute specific commands via malicious site request forgery.
Combodo Itop 3.0.0
Combodo Itop
6.1
CVSSv3
CVE-2020-12778
Combodo iTop does not validate inputted parameters, attackers can inject malicious commands and launch XSS attack.
Combodo Itop 3.0.0
Combodo Itop
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »