Aggregates CVE and security vulnerability intelligence across all topmanage-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk cross-site scripting and vendor risk csrf and related problems; some flaws may lead to vendor impact data exposure, affecting vendor surface production workloads scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2020-6845 | An issue was discovered in TopManage OLK 2020. As there is no ReadOnly on the Session cookie, the user and admin accounts can be taken over in a DOM-Based XSS attack. | [email protected] | 6.1 | 0.23% | 2020-02-18 | 2024-11-21 |
| CVE-2020-6844 | In TopManage OLK 2020, login CSRF can be chained with another vulnerability in order to takeover admin and user accounts. | [email protected] | 8.8 | 0.17% | 2020-02-18 | 2024-11-21 |
| CVE-2010-2686 | Multiple SQL injection vulnerabilities in clientes.asp in the TopManage OLK module 1.91.30 for SAP allow remote attackers to execute arbitrary SQL commands via the (1) PriceFrom, (2) PriceTo, and (3) InvFrom parameters, as reachable from olk/c_p/searchCart.asp, and other unspecified vectors when performing an advanced search. NOTE: some of these details are obtained from third party information. | [email protected] | 7.5 | 0.40% | 2010-07-12 | 2026-04-29 |