Mushrraf Baig Ashraf

**Name of the Vulnerable Software and Affected Versions** Combodo iTop versions prior to 2.7.4 Combodo iTop versions prior to 3.0.0 can be simplified to the above, as versions prior to 2.7.4 already include versions prior to 3.0.0. Therefore, the simplified version is: Combodo iTop versions prior to 2.7.4 **Description** The issue concerns the CSRF token validation in Combodo iTop, which can be bypassed through the iTop portal using a specific browser procedure. **Recommendations** For versions prior to 2.7.4, update to version 2.7.4 or later to resolve the issue.