CVE-2020-4079

HIGH Year: 2020
CVSS v3 Score
7.7
High
CVSS v2 Score
4.0
Medium
Weakness Type
CWE-200
View all →

Vulnerability Description

Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 2.8.0, when the ajax endpoint for the "excel export" portal functionality is called directly it allows getting data without scope filtering. This allows a user to access data they which they should not have access to. This is fixed in versions 2.7.2 and 3.0.0.

Related Vulnerabilities

CVE-2016-0267

HIGH
CVSS:7.7(High)

IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 allows remote authenticated users to obtain sensitive cleartext secure-property information via (1) the serve...

CWE-2002016

CVE-2016-3473

HIGH
CVSS:7.7(High)

Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote authenticated users to affect confiden...

CWE-2002016

CVE-2016-3765

HIGH
CVSS:7.7(High)

decoder/impeg2d_bitstream.c in mediaserver in Android 6.x before 2016-07-01 allows attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a...

CWE-2002016

CVE-2016-5565

HIGH
CVSS:7.7(High)

Unspecified vulnerability in the Oracle Hospitality OPERA 5 Property Services component in Oracle Hospitality Applications 5.4.0.0 through 5.4.3.0, 5.5.0.0, and 5.5.1.0 allows remote authenticated use...

CWE-2002016

CVE-2019-5534

HIGH
CVSS:7.7(High)

VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability where Virtual Machines deployed from an OVF could expose lo...

CWE-2002019

CVE-2020-7944

HIGH
CVSS:7.7(High)

In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, changes to resources or classes containing Sensitive parameters can result in the Sensitive parameters ending up in the impact analys...

CWE-2002020