Combodo iTop is a web based IT Service Management tool. In versions before 2.7.6 and 3.0.0, CSRF tokens generated by `privUITransactionFile` aren't properly checked. Versions 2.7.6 and 3.0.0 contain a patch for this issue. As a workaround, use the session implementation by adding in the iTop config file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
combodo itop |