
CVE-2021-21406 – Command Injection vulnerability in the Setup Wizard
https://notcve.org/view.php?id=CVE-2021-21406
21 Jul 2021 — Combodo iTop is an open source, web based IT Service Management tool. In versions prior to 2.7.4, there is a command injection vulnerability in the Setup Wizard when providing the Graphviz executable path. The vulnerability is patched in versions 2.7.4 and 3.0.0. • https://github.com/Combodo/iTop/security/advisories/GHSA-pf95-6h7q-q85x • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2020-15221 – XSS in the breadcrumbs
https://notcve.org/view.php?id=CVE-2020-15221
13 Jan 2021 — Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, by modifying the target browser's local storage, an XSS can be generated in the iTop console breadcrumb. This is fixed in versions 2.7.2 and 3.0.0. • https://github.com/Combodo/iTop/security/advisories/GHSA-w6g2-p7pf-7hvw • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-15220 – Session fixation
https://notcve.org/view.php?id=CVE-2020-15220
13 Jan 2021 — Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, two cookies are created for the same session, which makes it possible to steal a user session. This is fixed in versions 2.7.2 and 3.0.0. • https://github.com/Combodo/iTop/security/advisories/GHSA-qw4q-cmcv-7vv2 • CWE-613: Insufficient Session Expiration

CVE-2020-15219 – SQL query displayed on portal error
https://notcve.org/view.php?id=CVE-2020-15219
13 Jan 2021 — Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, when a download error is triggered in the user portal, an SQL query is displayed to the user. This is fixed in versions 2.7.2 and 3.0.0. • https://github.com/Combodo/iTop/security/advisories/GHSA-q5cf-46rg-frf8 • CWE-209: Generation of Error Message Containing Sensitive Information

CVE-2020-15218 – Admin pages are cached and can be embedded
https://notcve.org/view.php?id=CVE-2020-15218
13 Jan 2021 — Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, admin pages are cached, so that their content is still visible after logging out by using the browser back button. This is fixed in versions 2.7.2 and 3.0.0. • https://github.com/Combodo/iTop/security/advisories/GHSA-3m3g-86hp-5p2j • CWE-613: Insufficient Session Expiration

CVE-2020-4079 – Information disclosure vulnerability in iTop
https://notcve.org/view.php?id=CVE-2020-4079
12 Jan 2021 — Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 2.8.0, when the ajax endpoint for the "excel export" portal functionality is called directly, it allows getting data without scope filtering. This allows a user to access data which they should not have access to. This is fixed in versions 2.7.2 and 3.0.0. • https://github.com/Combodo/iTop/security/advisories/GHSA-vcv9-xp3j-7jwh • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2020-12781 – Combodo iTop - CSRF
https://notcve.org/view.php?id=CVE-2020-12781
10 Aug 2020 — Combodo iTop contains a cross-site request forgery (CSRF) vulnerability; attackers can execute specific commands via request forgery from a malicious site. • https://github.com/Combodo/iTop/security/advisories/GHSA-34rq-vfmf-gg5v • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2020-12780 – Combodo iTop - Security Misconfiguration
https://notcve.org/view.php?id=CVE-2020-12780
10 Aug 2020 — A security misconfiguration exists in Combodo iTop, which can expose sensitive information. • https://github.com/Combodo/iTop/security/advisories/GHSA-97cw-cjxc-9x78 • CWE-863: Incorrect Authorization

CVE-2020-12779 – Combodo iTop - Stored XSS
https://notcve.org/view.php?id=CVE-2020-12779
10 Aug 2020 — Combodo iTop contains a stored Cross-site Scripting vulnerability, which can be exploited by uploading a file containing a malicious script. • https://github.com/Combodo/iTop/security/advisories/GHSA-qqrf-j8qv-g247 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-12778 – Combodo iTop - Reflected XSS
https://notcve.org/view.php?id=CVE-2020-12778
10 Aug 2020 — Combodo iTop does not validate input parameters; attackers can inject malicious commands and launch an XSS attack. • https://github.com/Combodo/iTop/security/advisories/GHSA-8vpf-8vjh-5fcv • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')