Analyzed
about 7 hours
ago.
based on code collected
about 7 hours
ago.
Major Versions
click and drag to zoom
Security Vulnerabilities for Version:
Severities:
Type
|
Identifier
|
Related Record |
Severity
|
Date Published
|
Description | Versions Affected |
|---|---|---|---|---|---|
| CVE-2025-48055 | BDSA-2025-20663 | Medium | Nov 10, 2025 | Combodo iTop is a web based IT service management tool. In versions prior to 3.2.2, when displaying content in a browse brick in the user portal, a cro more... |
2.7.13, 3.2.1, 3.1.3, 2.7.12, 3.1.2, 2.7.11, 3.2.0, 3.0.4, 2.7.10, 2.7.9
|
| CVE-2025-24969 | BDSA-2025-4176 | Medium | May 14, 2025 | iTop is an web based IT Service Management tool. Prior to version 3.2.1, a portal user can see any other contacts picture by changing the picture ID in more... |
2.7.13, 3.1.3, 2.7.12, 3.1.2, 2.7.11, 3.2.0, 3.0.4, 2.7.10, 2.7.9, 3.1.0
|
| CVE-2025-24026 | BDSA-2025-4174 | Medium | May 14, 2025 | iTop is an web based IT Service Management tool. Versions prior to 3.2.1 are vulnerable to regular expression denial of service (ReDoS) that may, under more... |
2.7.13, 3.1.3, 2.7.12, 3.1.2, 2.7.11, 3.2.0, 3.0.4, 2.7.10, 2.7.9, 3.1.0
|
| CVE-2024-56157 | BDSA-2025-4171 | Medium | May 14, 2025 | iTop is an web based IT Service Management tool. Prior to versions 3.1.3 and 3.2.1, by filling malicious code in a CSV content, a cross-site scripting more... |
2.7.13, 2.7.12, 3.1.2, 2.7.11, 3.2.0, 3.0.4, 2.7.10, 2.7.9, 3.1.0, 3.0.3
|
| CVE-2024-52002 | BDSA-2024-8443 | High | Nov 08, 2024 | Combodo iTop is a simple, web based IT Service Management tool. Several url endpoints are subject to a Cross-Site Request Forgery (CSRF) vulnerability. more... |
2.7.13, 3.1.3, 2.7.12, 3.1.2, 2.7.11, 3.0.4, 2.7.10, 2.7.9, 3.1.0, 3.0.3
|
| CVE-2024-52001 | BDSA-2024-8448 | Medium | Nov 08, 2024 | Combodo iTop is a simple, web based IT Service Management tool. In affected versions portal users are able to access forbidden services information. Th more... |
2.7.13, 3.1.3, 2.7.12, 3.1.2, 2.7.11, 3.0.4, 2.7.10, 2.7.9, 3.1.0, 3.0.3
|
| CVE-2024-52000 | BDSA-2024-8439 | Medium | Nov 08, 2024 | Combodo iTop is a simple, web based IT Service Management tool. Affected versions are subject to a reflected Cross-site Scripting (XSS) exploit by way more... |
2.7.13, 3.1.3, 2.7.12, 3.1.2, 2.7.11, 3.0.4, 2.7.10, 2.7.9, 3.1.0, 3.0.3
|
| CVE-2024-51995 | BDSA-2024-8330 | High | Nov 07, 2024 | Combodo iTop is a web based IT Service Management tool. An attacker can request any `route` we want as long as we specify an `operation` that is allowe more... |
2.7.13, 3.1.3, 2.7.12, 3.1.2, 2.7.11, 3.0.4, 2.7.10, 2.7.9, 3.1.0, 3.0.3
|
| CVE-2024-51993 | BDSA-2024-8493 | Low | Nov 07, 2024 | Combodo iTop is a web based IT Service Management tool. An attacker accessing a backup file or the database can read some passwords for misconfigured U more... |
2.7.13, 3.1.3, 2.7.12, 3.1.2, 2.7.11, 3.0.4, 2.7.10, 2.7.9, 3.1.0, 3.0.3
|
| CVE-2024-31998 | BDSA-2024-8102 | High | Nov 05, 2024 | Combodo iTop is a simple, web based IT Service Management tool. A CSRF can be performed on CSV import simulation. This issue has been fixed in versions more... |
2.7.13, 2.7.12, 2.7.11, 3.0.4, 2.7.10, 2.7.9, 3.1.0, 3.0.3, 2.7.8, 3.0.2
|
