CVE-2022-24780: CWE-94: Improper Control of Generation of Code ('Code Injection') in Combodo iTop

Medium
Published: Tue Apr 05 2022 (04/05/2022, 18:30:18 UTC)
Source: CVE
Vendor/Project: Combodo
Product: iTop

Description

Combodo iTop is a web-based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, users of the iTop user portal can send TWIG code to the server by forging specific HTTP queries, and execute arbitrary code on the server using HTTP server user privileges. This issue is fixed in versions 2.7.6 and 3.0.0. There are currently no known workarounds.

AI-Powered Analysis

Last updated: 06/22/2025, 02:37:07 UTC

Technical Analysis

CVE-2022-24780 is a code injection vulnerability classified under CWE-94 (Improper Control of Generation of Code) affecting Combodo iTop, a web-based IT Service Management (ITSM) tool widely used for managing IT infrastructure and services. The vulnerability exists in iTop versions prior to 2.7.6 and 3.0.0. It allows authenticated users of the iTop user portal to send specially crafted HTTP requests containing malicious Twig template code to the server. Twig is the templating engine iTop uses to render dynamic content. Because user-supplied Twig code is neither adequately validated nor sanitized, the server renders, and therefore executes, that code with the privileges of the HTTP server user. This effectively enables remote code execution (RCE) on the backend server, allowing attackers to run arbitrary commands or scripts. Exploitation requires no privileges beyond a valid iTop portal account, but it does require authentication, and the attacker must be able to send the crafted HTTP requests to the portal. The issue was publicly disclosed on April 5, 2022, and fixed in versions 2.7.6 and 3.0.0. No exploits in the wild have been reported to date, and no workarounds are available. The vulnerability poses a significant risk because it can lead to full compromise of the affected server, potentially allowing attackers to access sensitive IT management data, disrupt IT service operations, or pivot to other internal systems. The medium severity rating reflects the authentication requirement and the limited scope (users with portal access), but the impact of successful exploitation can be severe.

Potential Impact

For European organizations, the exploitation of CVE-2022-24780 could have serious consequences. iTop is commonly deployed in IT departments to manage service requests, incidents, and configuration items, often containing sensitive operational data and credentials. Successful exploitation could lead to unauthorized disclosure of confidential IT infrastructure details, disruption of IT service management processes, and potential lateral movement within corporate networks. This could affect critical sectors such as finance, healthcare, government, and manufacturing, where ITSM tools are integral to maintaining service continuity. Additionally, compromised servers could be used as footholds for launching further attacks or deploying ransomware. The impact on availability and integrity of ITSM data could degrade organizational response capabilities during incidents, increasing downtime and operational risk. Given the centralized role of iTop in IT operations, the vulnerability could also undermine compliance with European data protection regulations if sensitive data is exposed or manipulated.

Mitigation Recommendations

Organizations should immediately verify their iTop version and upgrade to version 2.7.6 or later, or 3.0.0 or later, where the vulnerability is patched. Since no workarounds exist, patching is the primary mitigation step. Additionally, organizations should restrict access to the iTop user portal to trusted users only, ideally limiting it to internal networks or VPNs to reduce exposure. Implementing strict authentication controls, such as multi-factor authentication (MFA), can reduce the risk of unauthorized access. Monitoring and logging of iTop portal access and unusual HTTP requests should be enhanced to detect potential exploitation attempts. Network segmentation should be employed to isolate the iTop server from critical infrastructure to limit lateral movement if compromised. Regular security audits and penetration testing focusing on ITSM tools can help identify residual risks. Finally, organizations should review and harden server permissions to minimize the impact of code execution under the HTTP server user context.
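The two checks the recommendations above call for, version verification and spotting crafted portal requests, can be scripted. The following is an added example written for this page, not code from Combodo or the iTop project. The version logic comes straight from the advisory (affected if prior to 2.7.6 or prior to 3.0.0). The request-log format, the `/itop/portal/...` paths, the user names and the request bodies are all constructed; the detection heuristic (alert when a user-supplied query string or body contains Twig delimiters such as `{{`, `{%` or `{#`, after URL-decoding) is an assumption about what legitimate portal traffic looks like and should be tuned per deployment.

```python
"""Triage helpers for CVE-2022-24780 (Combodo iTop, Twig code injection).

Added example, not code from Combodo or iTop. It does two things the
mitigation text asks for: decide whether an installed iTop version falls in
the affected range, and flag portal requests whose user-supplied parameters
carry Twig template delimiters.
"""
import re
from urllib.parse import unquote_plus

# Fixed versions named in the advisory: 2.7.6 (2.7.x line) and 3.0.0.
FIXED_VERSIONS = {(2, 7, 6), (3, 0, 0)}

VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?(?:-([A-Za-z][\w.]*))?")


def parse_version(text):
    """Split '2.7.5' or '3.0.0-beta2' into ((major, minor, patch), prerelease)."""
    m = VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised iTop version string: {text!r}")
    major, minor, patch, prerelease = m.groups()
    return (int(major), int(minor), int(patch or 0)), (prerelease or "")


def is_affected(version_text):
    """True if the version is prior to 2.7.6 or prior to 3.0.0 (advisory wording)."""
    version, prerelease = parse_version(version_text)
    if version < (2, 7, 6):
        return True  # every release before 2.7.6 is affected
    # A pre-release of a fixed version (e.g. 3.0.0-beta2) is still prior to it.
    return version in FIXED_VERSIONS and bool(prerelease)


# Twig delimiters: {{ expr }}, {% tag %}, {# comment #}.  Assumption: ordinary
# portal traffic never carries these, so their presence in a query string or
# body is worth an alert.  Tune the allow-list for your own deployment.
TWIG_DELIMS = re.compile(r"\{\{|\{%|\{#|\}\}|%\}|#\}")

# Constructed request-log format (assumption): Common Log Format fields plus an
# optional body="..." capture, as a reverse proxy or WAF could be set to record.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
    r'(?: body="(?P<body>[^"]*)")?'
)


def fully_decode(text, max_rounds=3):
    """URL-decode repeatedly so a double-encoded parameter is inspected in clear."""
    for _ in range(max_rounds):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    return text


def scan_log(lines):
    """Return one finding per request whose query string or body holds Twig delimiters."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line; in production, count and report these too
        target = m.group("target")
        query = target.partition("?")[2]
        body = m.group("body") or ""
        markers = set(TWIG_DELIMS.findall(fully_decode(query)))
        markers.update(TWIG_DELIMS.findall(fully_decode(body)))
        if markers:
            findings.append({"line": lineno, "user": m.group("user"),
                             "target": target, "markers": sorted(markers)})
    return findings


# Constructed sample log; the /itop/portal/... paths are placeholders, not iTop's routes.
LOG_LINES = [
    '10.0.0.5 - alice [05/Apr/2022:10:00:01 +0000] "GET /itop/portal/ HTTP/1.1" 200',
    '10.0.0.5 - alice [05/Apr/2022:10:00:07 +0000] "POST /itop/portal/ticket/new HTTP/1.1" 200 '
    'body="title=Printer+offline&description=Cannot+print+from+floor+3"',
    # a Twig expression in a ticket field, single URL-encoding
    '10.0.0.9 - bob [05/Apr/2022:10:02:13 +0000] "POST /itop/portal/ticket/new HTTP/1.1" 200 '
    'body="description=%7B%7B+ticket.title+%7D%7D"',
    # a Twig tag, double URL-encoded, which only the repeated decode exposes
    '10.0.0.9 - bob [05/Apr/2022:10:02:40 +0000] "POST /itop/portal/ticket/new HTTP/1.1" 200 '
    'body="description=%257B%2525+set+x%253D1+%2525%257D"',
    # braces that are plain JSON, not Twig: must not be flagged
    '10.0.0.5 - alice [05/Apr/2022:10:05:00 +0000] "POST /itop/portal/ticket/new HTTP/1.1" 200 '
    'body="description=%7B%22printer%22%3A%22hp-3%22%7D"',
]

if __name__ == "__main__":
    for v in ("2.7.5", "2.7.6", "3.0.0-beta2", "3.0.0"):
        print(f"iTop {v}: {'AFFECTED' if is_affected(v) else 'fixed'}")
    for f in scan_log(LOG_LINES):
        print(f"line {f['line']}: user={f['user']} markers={f['markers']} {f['target']}")
```

Run against the constructed log, only the two requests from `bob` are reported; the JSON-bearing ticket from `alice` is not, because `{` alone is not a Twig delimiter. The repeated decode matters: a single `unquote_plus` would leave the fourth line looking like harmless percent-escapes. Access logs normally omit request bodies, so to use this in practice the proxy or WAF in front of the portal has to be configured to record them.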


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2022-02-10T00:00:00.000Z
CISA Enriched: true

Threat ID: 682d9848c4522896dcbf6349

Added to database: 5/21/2025, 9:09:28 AM

Last enriched: 6/22/2025, 2:37:07 AM

Last updated: 8/12/2025, 11:13:07 AM

Views: 19
