Combodo · Combodo iTop · CVE-2021-41245
**Name of the Vulnerable Software and Affected Versions**
Combodo iTop versions prior to 2.7.6 and 3.0.0
**Description**
Combodo iTop is a web-based IT Service Management tool. In the affected versions, CSRF tokens generated by `privUITransactionFile` are not properly checked.
**Recommendations**
For versions prior to 2.7.6, update to version 2.7.6 to resolve the issue.
For versions prior to 3.0.0, update to version 3.0.0 to resolve the issue.
As a temporary workaround on affected versions, switch to the session-based implementation by configuring it in the iTop config file.
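A defender-side check for the recommendations above, added here as an example and not taken from Combodo or the original advisory: it classifies an instance from its version string and the text of its config file. The `transaction_storage` key, its `Session` value, the `File` default and the alpha/beta/rc suffix convention are assumptions not stated on this page, and the sample config is constructed.

```python
import re

FIXED = {"2.x": (2, 7, 6), "3.x": (3, 0, 0)}  # fixed releases named in the advisory

def is_affected(version):
    """True if `version` predates the fixed release for its branch."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)(.*)$", version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    core = tuple(int(g) for g in m.groups()[:3])
    # Assumption: pre-releases carry an alpha/beta/rc suffix, e.g. 3.0.0-beta2.
    pre = bool(re.search(r"alpha|beta|rc", m.group(4), re.I))
    target = FIXED["3.x"] if core[0] >= 3 else FIXED["2.x"]
    return core < target or (core == target and pre)

def storage_backend(config_text):
    """Return the configured transaction storage, ignoring commented-out lines."""
    text = re.sub(r"/\*.*?\*/", "", config_text, flags=re.S)  # drop block comments
    for line in text.splitlines():
        if line.lstrip().startswith(("//", "#")):
            continue
        # Assumption: the setting is named 'transaction_storage' (not on this page).
        m = re.search(r"""['"]transaction_storage['"]\s*=>\s*['"](\w+)['"]""", line)
        if m:
            return m.group(1)
    return "File"  # assumed default when the key is absent

def assess(version, config_text):
    """Classify an instance as 'patched', 'workaround' or 'exposed'."""
    if not is_affected(version):
        return "patched"
    if storage_backend(config_text).lower() == "session":
        return "workaround"  # temporary mitigation only; the upgrade is still due
    return "exposed"

# Constructed sample config: the workaround line is active, the old one commented out.
SAMPLE_CONFIG = """<?php
$MySettings = array(
    'app_root_url' => 'https://itop.example.test/',
    // 'transaction_storage' => 'File',
    'transaction_storage' => 'Session',
);
"""

if __name__ == "__main__":
    for v in ("2.7.5", "2.7.6", "3.0.0-beta2", "3.0.0"):
        print(v, assess(v, SAMPLE_CONFIG))
```

An instance reported as `workaround` is still running an affected version and remains on the upgrade list.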