When using iTop on IIS, on affected version the embedded web.config files are not protecting all the directories that should be forbidden from web access.
Many thanks to TW/CERT for his report !
Combodo ref N°2984 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12780 https://www.itophub.io/wiki/page?id=latest%3Ainstall%3Asecurity#secure_critical_directories_access
If you have any questions or comments about this advisory: Email us at itop-security@combodo.com
Impact
When using iTop on IIS, on affected version the embedded web.config files are not protecting all the directories that should be forbidden from web access.
Patches
Credits
Many thanks to TW/CERT for his report !
References
Combodo ref N°2984
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12780
https://www.itophub.io/wiki/page?id=latest%3Ainstall%3Asecurity#secure_critical_directories_access
For more information
If you have any questions or comments about this advisory:
Email us at itop-security@combodo.com