CVE-2020-4079
HIGH
Combodo iTop < 2.7.2 - Unauthorized Data Access via Excel Export Endpoint
Title source: llm
Description
Combodo iTop is a web-based IT Service Management tool. In iTop before versions 2.7.2 and 2.8.0, when the ajax endpoint for the "excel export" portal functionality is called directly, it allows getting data without scope filtering. This allows a user to access data which they should not have access to. This is fixed in versions 2.7.2 and 3.0.0.
References (1)
Core References
Third Party Advisory x_refsource_confirm
https://github.com/Combodo/iTop/security/advisories/GHSA-vcv9-xp3j-7jwh
Scores
CVSS v3
7.7
EPSS
0.0086
EPSS Percentile
53.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (2)
combodo/itop
2.7.3
combodo/itop
< 2.7.2
Published
Jan 12, 2021
Tracked Since
Feb 18, 2026