CVE-2024-31844
May 21, 2024, 4:53 p.m.
None
No Score
Description
An issue was discovered in Italtel Embrace 1.6.4. The server does not properly handle application errors. In some cases, this leads to a disclosure of information about the server. An unauthenticated user is able craft specific requests in order to make the application generate an error. Inside an error message, some information about the server is revealed, such as the absolute path of the source code of the application. This kind of information can help an attacker to perform other attacks against the system. This can be exploited without authentication.
Product(s) Impacted
| Product | Versions |
|---|---|
| Italtel Embrace |
|
Weaknesses
Common security weaknesses mapped to this vulnerability.
Tags
Timeline
Published: May 21, 2024, 4:15 p.m.
Last Modified: May 21, 2024, 4:53 p.m.
Last Modified: May 21, 2024, 4:53 p.m.
Status : Awaiting Analysis
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
More infoSource
cve@mitre.org
*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.