iTop VPN

CVEs (14)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2024-53588	JonathanLauener Itop Privesc	Hig	0.51	7.8	0.00	Jan 23, 2025	A DLL hijacking vulnerability in iTop VPN v16.0 allows attackers to execute arbitrary code via placing a crafted DLL file into the path \ProgramData\iTop VPN\Downloader\vpn6.
CVE-2011-4275	Combodo Itop		0.03	—	0.01	Nov 26, 2011	Multiple cross-site scripting (XSS) vulnerabilities in iTop (aka IT Operations Portal) 1.1.181 and 1.2.0-RC-282 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted company name, (2) a crafted database server name, (3) a crafted CSV file, (4) a crafted…
CVE-2022-31402	iTop VPN iTop VPN		0.01	—	0.17	Jun 10, 2022	ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/webservices/export-v2.php.
CVE-2023-48710	Combodo Itop		0.00	—	0.00	Apr 15, 2024	iTop is an IT service management platform. Files from the `env-production` folder can be retrieved even though they should have restricted access. Hopefully, there is no sensitive files stored in that folder natively, but there could be from a third-party module. The…
CVE-2023-47622	Combodo Itop		0.00	—	0.01	Apr 15, 2024	iTop is an IT service management platform. When dashlet are refreshed, XSS attacks are possible. This vulnerability is fixed in 3.0.4 and 3.1.1.
CVE-2023-45808	Combodo Itop		0.00	—	0.00	Apr 15, 2024	iTop is an IT service management platform. When creating or updating an object, extkey values aren't checked to be in the current user silo. In other words, by forging an http request, the user can create objects pointing to out of silo objects (for example a UserRequest in an…
CVE-2023-44396	Combodo Itop		0.00	—	0.01	Apr 15, 2024	iTop is an IT service management platform. Dashlet edits ajax endpoints can be used to produce XSS. Fixed in iTop 2.7.10, 3.0.4, and 3.1.1.
CVE-2023-43790	Combodo Itop		0.00	—	0.01	Apr 15, 2024	iTop is an IT service management platform. By manipulating HTTP queries, a user can inject malicious content in the fields used for the object friendlyname value. This vulnerability is fixed in 3.1.1 and 3.2.0.
CVE-2024-24272	iTop VPN iTop VPN		0.00	—	0.00	Mar 21, 2024	An issue in iTop DualSafe Password Manager & Digital Vault before 1.4.24 allows a local attacker to obtain sensitive information via leaked credentials as plaintext in a log file that can be accessed by the local user without knowledge of the master secret.
CVE-2022-24141	iTop VPN iTop VPN		0.00	—	0.00	Jul 6, 2022	The iTopVPNmini.exe component of iTop VPN 3.2 will try to connect to datastate_iTopVPN_Pipe_Server on a loop. An attacker that opened a named pipe with the same name can use it to gain the token of another user by listening for connections and abusing…
CVE-2022-24140	Iobit Advanced System Care		0.00	—	0.02	Jul 6, 2022	IOBit Advanced System Care 15, iTop Screen Recorder 2.1, iTop VPN 3.2, Driver Booster 9, and iTop Screenshot sends HTTP requests in their update procedure in order to download a config file. After downloading the config file, the products will parse the HTTP location of the…
CVE-2022-31403	iTop VPN iTop VPN		0.00	—	0.02	Jun 14, 2022	ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/pages/ajax.render.php.
CVE-2019-13966	iTop VPN iTop VPN		0.00	—	0.00	Feb 14, 2020	In iTop through 2.6.0, an XSS payload can be delivered in certain fields (such as icon) of the XML file used to build the dashboard. This is similar to CVE-2015-6544 (which is only about the dashboard title).
CVE-2019-13965	iTop VPN iTop VPN		0.00	—	0.00	Feb 14, 2020	Because of a lack of sanitization around error messages, multiple Reflective XSS issues exist in iTop through 2.6.0 via the param_file parameter to webservices/export.php, webservices/cron.php, or env-production/itop-backup/backup.php. By default, any XSS sent to the…

CVE-2024-53588HigJan 23, 2025
JonathanLauener
Itop Privesc
risk 0.51cvss 7.8epss 0.00
A DLL hijacking vulnerability in iTop VPN v16.0 allows attackers to execute arbitrary code via placing a crafted DLL file into the path \ProgramData\iTop VPN\Downloader\vpn6.
CVE-2011-4275Nov 26, 2011
Combodo
Itop
risk 0.03cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in iTop (aka IT Operations Portal) 1.1.181 and 1.2.0-RC-282 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted company name, (2) a crafted database server name, (3) a crafted CSV file, (4) a crafted…
CVE-2022-31402Jun 10, 2022
iTop VPN
iTop VPN
risk 0.01cvss —epss 0.17
ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/webservices/export-v2.php.
CVE-2023-48710Apr 15, 2024
Combodo
Itop
risk 0.00cvss —epss 0.00
iTop is an IT service management platform. Files from the `env-production` folder can be retrieved even though they should have restricted access. Hopefully, there is no sensitive files stored in that folder natively, but there could be from a third-party module. The…
CVE-2023-47622Apr 15, 2024
Combodo
Itop
risk 0.00cvss —epss 0.01
iTop is an IT service management platform. When dashlet are refreshed, XSS attacks are possible. This vulnerability is fixed in 3.0.4 and 3.1.1.
CVE-2023-45808Apr 15, 2024
Combodo
Itop
risk 0.00cvss —epss 0.00
iTop is an IT service management platform. When creating or updating an object, extkey values aren't checked to be in the current user silo. In other words, by forging an http request, the user can create objects pointing to out of silo objects (for example a UserRequest in an…
CVE-2023-44396Apr 15, 2024
Combodo
Itop
risk 0.00cvss —epss 0.01
iTop is an IT service management platform. Dashlet edits ajax endpoints can be used to produce XSS. Fixed in iTop 2.7.10, 3.0.4, and 3.1.1.
CVE-2023-43790Apr 15, 2024
Combodo
Itop
risk 0.00cvss —epss 0.01
iTop is an IT service management platform. By manipulating HTTP queries, a user can inject malicious content in the fields used for the object friendlyname value. This vulnerability is fixed in 3.1.1 and 3.2.0.
CVE-2024-24272Mar 21, 2024
iTop VPN
iTop VPN
risk 0.00cvss —epss 0.00
An issue in iTop DualSafe Password Manager & Digital Vault before 1.4.24 allows a local attacker to obtain sensitive information via leaked credentials as plaintext in a log file that can be accessed by the local user without knowledge of the master secret.
CVE-2022-24141Jul 6, 2022
iTop VPN
iTop VPN
risk 0.00cvss —epss 0.00
The iTopVPNmini.exe component of iTop VPN 3.2 will try to connect to datastate_iTopVPN_Pipe_Server on a loop. An attacker that opened a named pipe with the same name can use it to gain the token of another user by listening for connections and abusing…
CVE-2022-24140Jul 6, 2022
Iobit
Advanced System Care
risk 0.00cvss —epss 0.02
IOBit Advanced System Care 15, iTop Screen Recorder 2.1, iTop VPN 3.2, Driver Booster 9, and iTop Screenshot sends HTTP requests in their update procedure in order to download a config file. After downloading the config file, the products will parse the HTTP location of the…
CVE-2022-31403Jun 14, 2022
iTop VPN
iTop VPN
risk 0.00cvss —epss 0.02
ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/pages/ajax.render.php.
CVE-2019-13966Feb 14, 2020
iTop VPN
iTop VPN
risk 0.00cvss —epss 0.00
In iTop through 2.6.0, an XSS payload can be delivered in certain fields (such as icon) of the XML file used to build the dashboard. This is similar to CVE-2015-6544 (which is only about the dashboard title).
CVE-2019-13965Feb 14, 2020
iTop VPN
iTop VPN
risk 0.00cvss —epss 0.00
Because of a lack of sanitization around error messages, multiple Reflective XSS issues exist in iTop through 2.6.0 via the param_file parameter to webservices/export.php, webservices/cron.php, or env-production/itop-backup/backup.php. By default, any XSS sent to the…