Vulnerabilities > CVE-2020-15220 - Insufficient Session Expiration vulnerability in Combodo Itop

047910
CVSS 5.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
NONE
network
combodo
CWE-613
NVD
Published: 2021-01-13
Updated: 2021-01-15

Summary

Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, two cookies are created for the same session, which leads to a possibility to steal user session. This is fixed in versions 2.7.2 and 3.0.0.

Vulnerable Configurations

Part Description Count
Application
Combodo
80

Common Weakness Enumeration (CWE)

References