go to Content

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center



Combodo iTop - CSRF

TVN ID TVN-202004008
Public Date 2020-08-10
Affected Products Combodo iTop versions prior to 2.7.0-beta2
Description Combodo iTop contains a cross-site request forgery (CSRF) vulnerability, attackers can execute specific commands via malicious site request forgery.
CVE ID CVE-2020-12781
Solution Update to version 2.7.1
Credit 黃榆翔、蔡仲南、Tseng, Yung-Hao