Unrated severityNVD Advisory· Published Jan 13, 2021· Updated Aug 4, 2024
Session fixation
CVE-2020-15220
Description
Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, two cookies are created for the same session, which leads to a possibility to steal user session. This is fixed in versions 2.7.2 and 3.0.0.
Affected products
2Patches
Vulnerability mechanics
References
1- github.com/Combodo/iTop/security/advisories/GHSA-qw4q-cmcv-7vv2mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.