Awaiting Analysis
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Products
Italtel Embrace
- 1.6.4
Source
cve@mitre.org
Tags
CVE-2024-31840 details
Published : May 21, 2024, 4:15 p.m.
Last Modified : May 21, 2024, 4:53 p.m.
Last Modified : May 21, 2024, 4:53 p.m.
Description
An issue was discovered in Italtel Embrace 1.6.4. The web application inserts cleartext passwords in the HTML source code. An authenticated user is able to edit the configuration of the email server. Once the user access the edit function, the web application fills the edit form with the current credentials for the email account, including the cleartext password.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|
References
| URL | Source |
|---|---|
| https://www.gruppotim.it/it/footer/red-team.html | cve@mitre.org |
This website uses the NVD API, but is not approved or certified by it.