Impact
When containing an invalid OQL query, the audit page displays an error message and the query without escaping it properly.
Patches
- 2.7.1 : packages community, essential, professional
- 3.0.0 : to be published
Credits
Many thanks to TW/CERT for his report !
References
Combodo ref N°2990
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12779
For more information
If you have any questions or comments about this advisory:
Email us at itop-security@combodo.com
Impact
When containing an invalid OQL query, the audit page displays an error message and the query without escaping it properly.
Patches
Credits
Many thanks to TW/CERT for his report !
References
Combodo ref N°2990
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12779
For more information
If you have any questions or comments about this advisory:
Email us at itop-security@combodo.com