CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-15218 – Admin pages are cached and can be embedded
https://notcve.org/view.php?id=CVE-2020-15218
Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, admin pages are cached, so that their content is visible after deconnection by using the browser back button. This is fixed in versions 2.7.2 and 3.0.0. Combodo iTop es una herramienta de Administración de Servicios de TI basada en web. En iTop versiones anteriores a 2.7.2 y 3.0.0, las páginas de administración son almacenadas en caché, por lo que su contenido es visible después de la desconexión usando el botón de retroceso del navegador. • https://github.com/Combodo/iTop/security/advisories/GHSA-3m3g-86hp-5p2j • CWE-613: Insufficient Session Expiration •
CVSS: 7.7EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4079 – Information disclosure vulnerability in iTop
https://notcve.org/view.php?id=CVE-2020-4079
Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 2.8.0, when the ajax endpoint for the "excel export" portal functionality is called directly it allows getting data without scope filtering. This allows a user to access data they which they should not have access to. This is fixed in versions 2.7.2 and 3.0.0. Combodo iTop es una herramienta de IT Service Management basada en la web. • https://github.com/Combodo/iTop/security/advisories/GHSA-vcv9-xp3j-7jwh • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 0CVE-2020-12781 – Combodo iTop - CSRF
https://notcve.org/view.php?id=CVE-2020-12781
Combodo iTop contains a cross-site request forgery (CSRF) vulnerability, attackers can execute specific commands via malicious site request forgery. Combodo iTop contiene una vulnerabilidad de tipo cross-site request forgery (CSRF), los atacantes pueden ejecutar comandos específicos por medio de la falsificación de peticiones de un sitio malicioso • https://github.com/Combodo/iTop/security/advisories/GHSA-34rq-vfmf-gg5v https://www.twcert.org.tw/tw/cp-132-3837-050db-1.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12780 – Combodo iTop - Security Misconfiguration
https://notcve.org/view.php?id=CVE-2020-12780
A security misconfiguration exists in Combodo iTop, which can expose sensitive information. Existe una configuración incorrecta de seguridad en Combodo iTop, que puede exponer información confidencial • https://github.com/Combodo/iTop/security/advisories/GHSA-97cw-cjxc-9x78 https://www.twcert.org.tw/tw/cp-132-3836-47d6c-1.html • CWE-863: Incorrect Authorization •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-12779 – Combodo iTop - Stored XSS
https://notcve.org/view.php?id=CVE-2020-12779
Combodo iTop contains a stored Cross-site Scripting vulnerability, which can be attacked by uploading file with malicious script. Combodo iTop contiene una vulnerabilidad de tipo Cross-site Scripting almacenado, que puede ser atacada mediante la carga de un archivo con un script malicioso • https://github.com/Combodo/iTop/security/advisories/GHSA-qqrf-j8qv-g247 https://www.twcert.org.tw/tw/cp-132-3835-e8e8f-1.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •