VYPR
Unrated severityNVD Advisory· Published Jan 12, 2021· Updated Aug 4, 2024

Information disclosure vulnerability in iTop

CVE-2020-4079

Description

Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 2.8.0, when the ajax endpoint for the "excel export" portal functionality is called directly it allows getting data without scope filtering. This allows a user to access data they which they should not have access to. This is fixed in versions 2.7.2 and 3.0.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Combodo/Itopllm-fuzzy2 versions
    <2.7.2+ 1 more
    • (no CPE)range: <2.7.2
    • (no CPE)range: < 2.7.2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.