Max CVSS | 6.8 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published |
CVE-2019-13967 | 5.0 | iTop 2.2.0 through 2.6.0 allows remote attackers to cause a denial of service (application outage) via many requests to launch a compile operation. The requests use the pages/exec.php?exec_env=production&exec_module=itop-hub-connector&exec_page=ajax. | 24-08-2020 - 17:37 | 14-02-2020 - 22:15 |
CVE-2019-11215 | 6.8 | In Combodo iTop 2.2.0 through 2.6.0, if the configuration file is writable, then execution of arbitrary code can be accomplished by calling ajax.dataloader with a maliciously crafted payload. Many conditions can place the configuration file into a wr | 24-08-2020 - 17:37 | 14-02-2020 - 18:15 |
CVE-2019-13966 | 4.3 | In iTop through 2.6.0, an XSS payload can be delivered in certain fields (such as icon) of the XML file used to build the dashboard. This is similar to CVE-2015-6544 (which is only about the dashboard title). | 19-02-2020 - 13:51 | 14-02-2020 - 22:15 |
CVE-2019-13965 | 4.3 | Because of a lack of sanitization around error messages, multiple Reflective XSS issues exist in iTop through 2.6.0 via the param_file parameter to webservices/export.php, webservices/cron.php, or env-production/itop-backup/backup.php. By default, an | 19-02-2020 - 13:44 | 14-02-2020 - 22:15 |