VYPR
Unrated severityNVD Advisory· Published Jan 13, 2021· Updated Aug 4, 2024

Session fixation

CVE-2020-15220

Description

Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, two cookies are created for the same session, which leads to a possibility to steal user session. This is fixed in versions 2.7.2 and 3.0.0.

Affected products

2
  • Combodo/Itopllm-fuzzy2 versions
    >=2.7.0 <2.7.2+ 1 more
    • (no CPE)range: >=2.7.0 <2.7.2
    • (no CPE)range: < 2.7.2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.