CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-15219 – SQL query displayed on portal error
https://notcve.org/view.php?id=CVE-2020-15219
Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, when a download error is triggered in the user portal, an SQL query is displayed to the user. This is fixed in versions 2.7.2 and 3.0.0. Combodo iTop es una herramienta de Administración de Servicios de TI basada en web. En iTop versiones anteriores a 2.7.2 y 3.0.0, cuando un error de descarga es activado en el portal del usuario, una consulta SQL es mostrada al usuario. • https://github.com/Combodo/iTop/security/advisories/GHSA-q5cf-46rg-frf8 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-15218 – Admin pages are cached and can be embedded
https://notcve.org/view.php?id=CVE-2020-15218
Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, admin pages are cached, so that their content is visible after deconnection by using the browser back button. This is fixed in versions 2.7.2 and 3.0.0. Combodo iTop es una herramienta de Administración de Servicios de TI basada en web. En iTop versiones anteriores a 2.7.2 y 3.0.0, las páginas de administración son almacenadas en caché, por lo que su contenido es visible después de la desconexión usando el botón de retroceso del navegador. • https://github.com/Combodo/iTop/security/advisories/GHSA-3m3g-86hp-5p2j • CWE-613: Insufficient Session Expiration •
CVSS: 7.7EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4079 – Information disclosure vulnerability in iTop
https://notcve.org/view.php?id=CVE-2020-4079
Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 2.8.0, when the ajax endpoint for the "excel export" portal functionality is called directly it allows getting data without scope filtering. This allows a user to access data they which they should not have access to. This is fixed in versions 2.7.2 and 3.0.0. Combodo iTop es una herramienta de IT Service Management basada en la web. • https://github.com/Combodo/iTop/security/advisories/GHSA-vcv9-xp3j-7jwh • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 0CVE-2020-12781 – Combodo iTop - CSRF
https://notcve.org/view.php?id=CVE-2020-12781
Combodo iTop contains a cross-site request forgery (CSRF) vulnerability, attackers can execute specific commands via malicious site request forgery. Combodo iTop contiene una vulnerabilidad de tipo cross-site request forgery (CSRF), los atacantes pueden ejecutar comandos específicos por medio de la falsificación de peticiones de un sitio malicioso • https://github.com/Combodo/iTop/security/advisories/GHSA-34rq-vfmf-gg5v https://www.twcert.org.tw/tw/cp-132-3837-050db-1.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12780 – Combodo iTop - Security Misconfiguration
https://notcve.org/view.php?id=CVE-2020-12780
A security misconfiguration exists in Combodo iTop, which can expose sensitive information. Existe una configuración incorrecta de seguridad en Combodo iTop, que puede exponer información confidencial • https://github.com/Combodo/iTop/security/advisories/GHSA-97cw-cjxc-9x78 https://www.twcert.org.tw/tw/cp-132-3836-47d6c-1.html • CWE-863: Incorrect Authorization •