Browse all 66 CVE security advisories affecting Combodo. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Combodo is a software development firm best known for creating iTop, an open-source IT Service Management platform used for incident, problem, and change management. Historically, its applications have been targeted due to a significant volume of recorded vulnerabilities, including Remote Code Execution, Cross-Site Scripting, and SQL Injection. These flaws often stem from insufficient input validation and improper access controls within the web interface. While the company maintains an active security response process, the sheer number of disclosed Common Vulnerabilities and Exposures highlights persistent challenges in securing legacy codebases. Major incidents have primarily involved exploitation of these injection flaws by attackers seeking unauthorized administrative access or data exfiltration. Users are advised to maintain strict patch management protocols and implement robust network segmentation to mitigate risks associated with these historically common vulnerability classes.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2020-4079 | Information disclosure vulnerability in iTop — iTopCWE-200 | 7.7 | High | 2021-01-12 |
| CVE-2020-12781 | Combodo iTop - CSRF — iTopCWE-352 | 5.7 | Medium | 2020-08-10 |
| CVE-2020-12780 | Combodo iTop - Security Misconfiguration — iTop | 7.5 | High | 2020-08-10 |
| CVE-2020-12779 | Combodo iTop - Stored XSS — iTop | 6.8 | Medium | 2020-08-10 |
| CVE-2020-12777 | Combodo iTop - Broken Access Control — iTop | 7.5 | High | 2020-08-10 |
| CVE-2020-12778 | Combodo iTop - Reflected XSS — iTop | 7.4 | High | 2020-08-10 |
This page lists every published CVE security advisory associated with Combodo. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.