CVE-2022-39214 | Authenticated users of Combodo iTop can take over any account
Combodo iTop is an open source, web-based IT service management platform. Prior to versions 2.7.8 and 3.0.2-1, a user who can log in on iTop is able to take over any account just by knowing the account's username. This issue is fixed in versions 2.7.8 and 3.0.2-1.
Conclusion & alert: CVE-2022-39214 is rated High Risk (77.6/100): CVSS Critical severity, with high exploitation likelihood (EPSS 25.57%, 98th percentile).Core evidence: EPSS ranks this CVE among the most likely to be exploited in the near term. EPSS rose +25.14% over the last day, indicating growing attacker interest.Mandatory action: High exploitation likelihood—assess exposure and prioritize remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
Exploit prediction scoring system (EPSS) score for CVE-2022-39214
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).