Combodo iTop Security Vulnerabilities
iTop is an IT service management platform. By manipulating HTTP queries, a user can inject malicious content in the fields used for the object friendlyname value. This vulnerability is fixed in 3.1.1 and 3.2.0.
CVSS Score: 5.7; EPSS Score: 0.011; Published: 2024-04-15
iTop is an IT service management platform. The dashboard editor can load multiple files and URLs, and there is a full path disclosure on the dashboard config file. This vulnerability is fixed in 3.0.4 and 3.1.1.
CVSS Score: 5.0; EPSS Score: 0.006; Published: 2024-04-15
Cross Site Scripting vulnerability in Combodo iTop v.3.1.0-2-11973 allows a local attacker to obtain sensitive information via a crafted script to the attrib_manager_id parameter in the General Information page and the id parameter in the contact page.
CVSS Score: 6.1; EPSS Score: 0.039; Published: 2023-11-09
CSV injection in export as csv in Combodo iTop v.3.1.0-2-11973 allows a local attacker to execute arbitrary code via a crafted script to the export-v2.php and ajax.render.php components.
CVSS Score: 7.8; EPSS Score: 0.001; Published: 2023-11-09
iTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, when displaying `pages/preferences.php`, cross site scripting is possible. This issue is fixed in versions 3.0.4 and 3.1.0.
CVSS Score: 8.8; EPSS Score: 0.008; Published: 2023-10-25
iTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, on `pages/UI.php`, cross site scripting is possible. This issue is fixed in versions 3.0.4 and 3.1.0.
CVSS Score: 8.8; EPSS Score: 0.012; Published: 2023-10-25
Combodo iTop is an open source, web-based IT service management platform. Prior to versions 2.7.8 and 3.0.2-1, a user who can log in on iTop is able to take over any account just by knowing the account's username. This issue is fixed in versions 2.7.8 and 3.0.2-1.
CVSS Score: 9.6; EPSS Score: 0.022; Published: 2023-03-14
Combodo iTop is an open source, web-based IT service management platform. Prior to versions 2.7.8 and 3.0.2-1, the reset password token is generated without any randomness parameter. This may lead to account takeover. The issue is fixed in versions 2.7.8 and 3.0.2-1.
CVSS Score: 7.4; EPSS Score: 0.002; Published: 2023-03-14
iTop v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/pages/ajax.render.php.
CVSS Score: 6.1; EPSS Score: 0.03; Published: 2022-06-14
iTop v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/webservices/export-v2.php.
CVSS Score: 6.1; EPSS Score: 0.167; Published: 2022-06-10

