7.5

CVE-2020-12777

Combodo iTop - Broken Access Control

A function in Combodo iTop contains a vulnerability of Broken Access Control, which allows unauthorized attacker to inject command and disclose system information.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CombodoItop Version < 2.7.1
CombodoItop Version3.0.0 Updatealpha
CombodoItop Version3.0.0 Updatebeta
CombodoItop Version3.0.0 Updatebeta1
CombodoItop Version3.0.0 Updatebeta2
CombodoItop Version3.0.0 Updatebeta3
CombodoItop Version3.0.0 Updatebeta4
CombodoItop Version3.0.0 Updatebeta5
CombodoItop Version3.0.0 Updatebeta6
CombodoItop Version3.0.0 Updatebeta7
CombodoItop Version3.0.0 Updatebeta8
CombodoItop Version3.0.0 Updaterc
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.26% 0.657
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
twcert@cert.org.tw 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://github.com/Combodo/iTop/security/advisories/GHSA-88fq-r22m-64q2
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-3833-46ae7-1.html
Third Party Advisory