Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, CSRF tokens generated by `privUITransactionFile` aren't properly checked. Versions 2.7.6 and 3.0.0 contain a patch for this issue. As a workaround, use the session implementation by adding in the iTop config file.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-04-05
Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.4, a non admin user can get access to many class/field values through GroupBy Dashlet error message. This issue is fixed in versions 2.7.4 and 3.0.0.
CVSS Score
7.7
EPSS Score
0.003
Published
2021-07-21
Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.4, CSRF tokens can be reused by a malicious user, as on Windows servers no cleanup is done on CSRF tokens. This issue is fixed in versions 2.7.4 and 3.0.0.
CVSS Score
6.8
EPSS Score
0.001
Published
2021-07-21
Combodo iTop is an open source, web based IT Service Management tool. Prior to version 2.7.4, the CSRF token validation can be bypassed through iTop portal via a tricky browser procedure. The vulnerability is patched in version 2.7.4 and 3.0.0.
CVSS Score
8.0
EPSS Score
0.002
Published
2021-07-21
Combodo iTop is an open source, web based IT Service Management tool. In versions prior to 2.7.4, there is a command injection vulnerability in the Setup Wizard when providing Graphviz executable path. The vulnerability is patched in version 2.7.4 and 3.0.0.
CVSS Score
5.8
EPSS Score
0.006
Published
2021-07-21
Page 5