go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::
Date:
Font-stze:

Combodo iTop - Broken Access Control

TVN ID TVN-202004004
CVE ID CVE-2020-12777
CVSS 7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products Combodo iTop versions prior to 2.7.0-beta2
Description A function in Combodo iTop contains a vulnerability of Broken Access Control, which allows unauthorized attacker to inject command and disclose system information.
Solution Update to version 2.7.1
Credit 黃榆翔、蔡仲南、Tseng, Yung-Hao
Public Date 2020-08-10

Links

  1. CVE-2020-12777
Top