SQL Query Disclosure in iTop User Portal

SQL Query Disclosure in iTop User Portal

CVE-2020-15219 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, when a download error is triggered in the user portal, an SQL query is displayed to the user. This is fixed in versions 2.7.2 and 3.0.0.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.