{"id":24634,"date":"2025-03-21T11:02:51","date_gmt":"2025-03-21T10:02:51","guid":{"rendered":"https:\/\/www.defencetech.it\/?p=24634"},"modified":"2025-06-10T10:03:05","modified_gmt":"2025-06-10T08:03:05","slug":"open-source-vulnerability-hunting-itop-vulnerability-analysis-report","status":"publish","type":"post","link":"https:\/\/tinextadefence.it\/en\/open-source-vulnerability-hunting-itop-vulnerability-analysis-report\/","title":{"rendered":"Open source vulnerability hunting: iTop - Vulnerability Analysis Report"},"content":{"rendered":"<p>Our <strong>Malware Lab<\/strong>, in line with the internal procedures for checking and validating the software used, conducted vulnerability hunting on the open source platform <strong>iTop<\/strong>, developed by Combodo and widely adopted for IT service management.\u00a0<\/p>\r\n\r\n\r\n\r\n<p>The analysis led to the discovery of several critical vulnerabilities in the application's PHP code, as well as misconfigurations in several online instances. 
These security flaws could have allowed the execution of unauthorised queries, the manipulation of tickets, access to sensitive data, and, in some cases, the complete compromise of misconfigured instances.\u00a0<\/p>\r\n\r\n\r\n\r\n<p>All vulnerabilities were responsibly reported to the vendor and, following their correction (or closure as ineligible), we chose to publish the full report.\u00a0<\/p>\r\n\r\n\r\n\r\n<p>This work emphasises the importance of a proactive approach to security: every tool introduced into the company can become a potential attack vector if not analysed in depth.\u00a0<\/p>\r\n\r\n\r\n\r\n<p>If you wish to learn more, here is the link to our <strong><a title=\"full report\" href=\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Malware-report-iTop.pdf\">full report<\/a><\/strong>.\u00a0\u00a0<\/p>\r\n\r\n\r\n\r\n<p><span data-contrast=\"none\">In addition, you can subscribe to the specific mailing list <b>Cyber Studios by Tinexta Defence<\/b>, to receive updates on upcoming research: <\/span><a href=\"https:\/\/tinextadefence.it\/en\/cyber-studios-mailing-list\/\"><span data-contrast=\"none\">https:\/\/tinextadefence.it\/mailing-list-cyber-studios\/<\/span><\/a><\/p>","protected":false},"excerpt":{"rendered":"<p>Our Malware Lab, in line with the internal procedures for checking and validating the software used, conducted a vulnerability hunting activity on the open source iTop platform, developed by Combodo and widely adopted for IT service management.  
The analysis led to the discovery of several critical vulnerabilities in the application's PHP code, as well as [...]<\/p>","protected":false},"author":2,"featured_media":26257,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[102],"tags":[110],"class_list":["post-24634","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tinextadefencebusiness","tag-articoli"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.8 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Open source vulnerability hunting: iTop\u00a0- Vulnerability Analysis Report - Tinexta Defence<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/tinextadefence.it\/en\/open-source-vulnerability-hunting-itop-vulnerability-analysis-report\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Open source vulnerability hunting: iTop\u00a0- Vulnerability Analysis Report - Tinexta Defence\" \/>\n<meta property=\"og:description\" content=\"Il nostro Malware Lab, in linea con le procedure interne di controllo e validazione dei software utilizzati, ha condotto un\u2019attivit\u00e0 di vulnerability hunting sulla piattaforma open source iTop, sviluppata da Combodo e largamente adottata per la gestione dei servizi IT.\u00a0 L\u2019analisi ha portato alla scoperta di diverse vulnerabilit\u00e0 critiche nel codice PHP dell\u2019applicativo, oltre a [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/tinextadefence.it\/en\/open-source-vulnerability-hunting-itop-vulnerability-analysis-report\/\" \/>\n<meta property=\"og:site_name\" content=\"Tinexta Defence\" \/>\n<meta property=\"article:published_time\" 
content=\"2025-03-21T10:02:51+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-10T08:03:05+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_evidenza_articolo.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"640\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Simone Sorte\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Simone Sorte\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/tinextadefence.it\/open-source-vulnerability-hunting-itop-vulnerability-analysis-report\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/tinextadefence.it\/open-source-vulnerability-hunting-itop-vulnerability-analysis-report\/\"},\"author\":{\"name\":\"Simone Sorte\",\"@id\":\"https:\/\/tinextadefence.it\/#\/schema\/person\/1f5092d13bbba815b7d8508dc4a0a941\"},\"headline\":\"Open source vulnerability hunting: iTop\u00a0&#8211; Vulnerability Analysis 
Report\",\"datePublished\":\"2025-03-21T10:02:51+00:00\",\"dateModified\":\"2025-06-10T08:03:05+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/tinextadefence.it\/open-source-vulnerability-hunting-itop-vulnerability-analysis-report\/\"},\"wordCount\":195,\"publisher\":{\"@id\":\"https:\/\/tinextadefence.it\/#organization\"},\"image\":{\"@id\":\"https:\/\/tinextadefence.it\/open-source-vulnerability-hunting-itop-vulnerability-analysis-report\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_evidenza_articolo.jpg\",\"keywords\":[\"Articoli\"],\"articleSection\":[\"#TDefenceBusiness\"],\"inLanguage\":\"en-GB\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/tinextadefence.it\/open-source-vulnerability-hunting-itop-vulnerability-analysis-report\/\",\"url\":\"https:\/\/tinextadefence.it\/open-source-vulnerability-hunting-itop-vulnerability-analysis-report\/\",\"name\":\"Open source vulnerability hunting: iTop\u00a0- Vulnerability Analysis Report - Tinexta 
Defence\",\"isPartOf\":{\"@id\":\"https:\/\/tinextadefence.it\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/tinextadefence.it\/open-source-vulnerability-hunting-itop-vulnerability-analysis-report\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/tinextadefence.it\/open-source-vulnerability-hunting-itop-vulnerability-analysis-report\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_evidenza_articolo.jpg\",\"datePublished\":\"2025-03-21T10:02:51+00:00\",\"dateModified\":\"2025-06-10T08:03:05+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/tinextadefence.it\/open-source-vulnerability-hunting-itop-vulnerability-analysis-report\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/tinextadefence.it\/open-source-vulnerability-hunting-itop-vulnerability-analysis-report\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/tinextadefence.it\/open-source-vulnerability-hunting-itop-vulnerability-analysis-report\/#primaryimage\",\"url\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_evidenza_articolo.jpg\",\"contentUrl\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_evidenza_articolo.jpg\",\"width\":1200,\"height\":640,\"caption\":\"Immagine in evidenza astratta per gli articoli di Tinexta Defence\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/tinextadefence.it\/open-source-vulnerability-hunting-itop-vulnerability-analysis-report\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/tinextadefence.it\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Open source vulnerability hunting: iTop\u00a0&#8211; Vulnerability Analysis Report\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/tinextadefence.it\/#website\",\"url\":\"https:\/\/tinextadefence.it\/\",\"name\":\"Tinexta 
Defence\",\"description\":\"think next, protect now\",\"publisher\":{\"@id\":\"https:\/\/tinextadefence.it\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/tinextadefence.it\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/tinextadefence.it\/#organization\",\"name\":\"Tinexta Defence\",\"url\":\"https:\/\/tinextadefence.it\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/tinextadefence.it\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_marchio.png\",\"contentUrl\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_marchio.png\",\"width\":2000,\"height\":990,\"caption\":\"Tinexta Defence\"},\"image\":{\"@id\":\"https:\/\/tinextadefence.it\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/tinextadefence.it\/#\/schema\/person\/1f5092d13bbba815b7d8508dc4a0a941\",\"name\":\"Simone Sorte\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/tinextadefence.it\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/32dedea25589c73ac8f3d6a24a91a3de89a9dbecfeb8badd55816a91df1c8a31?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/32dedea25589c73ac8f3d6a24a91a3de89a9dbecfeb8badd55816a91df1c8a31?s=96&d=mm&r=g\",\"caption\":\"Simone Sorte\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Open source vulnerability hunting: iTop - Vulnerability Analysis Report - Tinexta Defence","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/tinextadefence.it\/en\/open-source-vulnerability-hunting-itop-vulnerability-analysis-report\/","og_locale":"en_GB","og_type":"article","og_title":"Open source vulnerability hunting: iTop\u00a0- Vulnerability Analysis Report - Tinexta Defence","og_description":"Il nostro Malware Lab, in linea con le procedure interne di controllo e validazione dei software utilizzati, ha condotto un\u2019attivit\u00e0 di vulnerability hunting sulla piattaforma open source iTop, sviluppata da Combodo e largamente adottata per la gestione dei servizi IT.\u00a0 L\u2019analisi ha portato alla scoperta di diverse vulnerabilit\u00e0 critiche nel codice PHP dell\u2019applicativo, oltre a [&hellip;]","og_url":"https:\/\/tinextadefence.it\/en\/open-source-vulnerability-hunting-itop-vulnerability-analysis-report\/","og_site_name":"Tinexta Defence","article_published_time":"2025-03-21T10:02:51+00:00","article_modified_time":"2025-06-10T08:03:05+00:00","og_image":[{"width":1200,"height":640,"url":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_evidenza_articolo.jpg","type":"image\/jpeg"}],"author":"Simone Sorte","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Simone Sorte","Estimated reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/tinextadefence.it\/open-source-vulnerability-hunting-itop-vulnerability-analysis-report\/#article","isPartOf":{"@id":"https:\/\/tinextadefence.it\/open-source-vulnerability-hunting-itop-vulnerability-analysis-report\/"},"author":{"name":"Simone 
Sorte","@id":"https:\/\/tinextadefence.it\/#\/schema\/person\/1f5092d13bbba815b7d8508dc4a0a941"},"headline":"Open source vulnerability hunting: iTop\u00a0&#8211; Vulnerability Analysis Report","datePublished":"2025-03-21T10:02:51+00:00","dateModified":"2025-06-10T08:03:05+00:00","mainEntityOfPage":{"@id":"https:\/\/tinextadefence.it\/open-source-vulnerability-hunting-itop-vulnerability-analysis-report\/"},"wordCount":195,"publisher":{"@id":"https:\/\/tinextadefence.it\/#organization"},"image":{"@id":"https:\/\/tinextadefence.it\/open-source-vulnerability-hunting-itop-vulnerability-analysis-report\/#primaryimage"},"thumbnailUrl":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_evidenza_articolo.jpg","keywords":["Articoli"],"articleSection":["#TDefenceBusiness"],"inLanguage":"en-GB"},{"@type":"WebPage","@id":"https:\/\/tinextadefence.it\/open-source-vulnerability-hunting-itop-vulnerability-analysis-report\/","url":"https:\/\/tinextadefence.it\/open-source-vulnerability-hunting-itop-vulnerability-analysis-report\/","name":"Open source vulnerability hunting: iTop - Vulnerability Analysis Report - Tinexta 
Defence","isPartOf":{"@id":"https:\/\/tinextadefence.it\/#website"},"primaryImageOfPage":{"@id":"https:\/\/tinextadefence.it\/open-source-vulnerability-hunting-itop-vulnerability-analysis-report\/#primaryimage"},"image":{"@id":"https:\/\/tinextadefence.it\/open-source-vulnerability-hunting-itop-vulnerability-analysis-report\/#primaryimage"},"thumbnailUrl":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_evidenza_articolo.jpg","datePublished":"2025-03-21T10:02:51+00:00","dateModified":"2025-06-10T08:03:05+00:00","breadcrumb":{"@id":"https:\/\/tinextadefence.it\/open-source-vulnerability-hunting-itop-vulnerability-analysis-report\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/tinextadefence.it\/open-source-vulnerability-hunting-itop-vulnerability-analysis-report\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/tinextadefence.it\/open-source-vulnerability-hunting-itop-vulnerability-analysis-report\/#primaryimage","url":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_evidenza_articolo.jpg","contentUrl":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_evidenza_articolo.jpg","width":1200,"height":640,"caption":"Immagine in evidenza astratta per gli articoli di Tinexta Defence"},{"@type":"BreadcrumbList","@id":"https:\/\/tinextadefence.it\/open-source-vulnerability-hunting-itop-vulnerability-analysis-report\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/tinextadefence.it\/"},{"@type":"ListItem","position":2,"name":"Open source vulnerability hunting: iTop\u00a0&#8211; Vulnerability Analysis Report"}]},{"@type":"WebSite","@id":"https:\/\/tinextadefence.it\/#website","url":"https:\/\/tinextadefence.it\/","name":"Tinexta Defence","description":"think next, protect 
now","publisher":{"@id":"https:\/\/tinextadefence.it\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/tinextadefence.it\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/tinextadefence.it\/#organization","name":"Tinexta Defence","url":"https:\/\/tinextadefence.it\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/tinextadefence.it\/#\/schema\/logo\/image\/","url":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_marchio.png","contentUrl":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_marchio.png","width":2000,"height":990,"caption":"Tinexta Defence"},"image":{"@id":"https:\/\/tinextadefence.it\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/tinextadefence.it\/#\/schema\/person\/1f5092d13bbba815b7d8508dc4a0a941","name":"Simone Sorte","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/tinextadefence.it\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/32dedea25589c73ac8f3d6a24a91a3de89a9dbecfeb8badd55816a91df1c8a31?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/32dedea25589c73ac8f3d6a24a91a3de89a9dbecfeb8badd55816a91df1c8a31?s=96&d=mm&r=g","caption":"Simone 
Sorte"}}]}},"_links":{"self":[{"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/posts\/24634","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/comments?post=24634"}],"version-history":[{"count":0,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/posts\/24634\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/media\/26257"}],"wp:attachment":[{"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/media?parent=24634"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/categories?post=24634"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/tags?post=24634"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}