CVE-2020-15218
Admin pages are cached and can be embeddedCombodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, admin pages are cached, so that their content is visible after deconnection by using the browser back button. This is fixed in versions 2.7.2 and 3.0.0.
We have discovered 4 live websites that are affected by CVE-2020-15218.
Affected Software
| Product | |
| Category | Issue Trackers |
| Vulnerable Domains | 4 live websites (25% of Combodo iTop install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 0 versions ( less than 0.1% of all versions) |
Common Weakness Enumeration
CWE-613 Insufficient Session ExpirationDetails
- Published - Jan 14, 2021
- Updated - Aug 4, 2024
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2020-15218 Denmark | 1 websites |
 France | 1 websites |
 GB | 1 websites |
 Netherlands | 1 websites |
Website Distribution by TLD
Number of websites using CVE-2020-15218| .com | 1 websites |
| .dk | 1 websites |
| .fr | 1 websites |
| .net | 1 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2020-15218
Top websites that are affected by CVE-2020-15218. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *****.*****.dk | Denmark | **,***,*** | |
| *******.******.fr | France | **,***,*** | |
| ******.*********.net | Netherlands | **,***,*** | |
| ****.***************.com | GB | ***,***,*** |
FAQ
CVE-2020-15218 is Insufficient Session Expiration in Combodo iTop
A total of 4 websites have been identified as vulnerable to CVE-2020-15218, based on global website indexing conducted by WebTechSurvey.
The Combodo iTop is affected by the CVE-2020-15218 vulnerability.
Combodo iTop versions up to 2.7.2 are vulnerable to CVE-2020-15218.
CVE-2020-15218 is resolved in version 2.7.2 of Combodo iTop.