An issue was discovered in Italtel Embrace 1.6.4. The server does not properly handle application errors. In some cases, this leads to a disclosure of information about the server. An unauthenticated user is able to craft specific requests in order to make the application generate an error. Inside an error message, some information about the server is revealed, such as the absolute path of the source code of the application. This kind of information can help an attacker to perform other attacks against the system. This can be exploited without authentication.
References
Link | Resource |
---|---|
https://www.gruppotim.it/it/footer/red-team.html | Exploit Third Party Advisory |
History
26 Jul 2024, 18:21
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-209 | |
CPE | cpe:2.3:a:italtel:embrace:1.6.4:*:*:*:*:*:*:* | |
First Time | Italtel embrace, Italtel | |
Summary | | |
References | () https://www.gruppotim.it/it/footer/red-team.html - Exploit, Third Party Advisory | |
CVSS | v2 : v3 : | v2 : unknown v3 : 5.3 |
21 May 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-05-21 16:15
Updated : 2024-07-26 18:21
NVD link : CVE-2024-31844
Mitre link : CVE-2024-31844
CVE.ORG link : CVE-2024-31844
Products Affected
italtel
- embrace
CWE
CWE-209
Generation of Error Message Containing Sensitive Information