CVE-2024-31845

Published: May 21, 2024

Modified: Feb 13, 2025

PUBLISHED

Description

An issue was discovered in Italtel Embrace 1.6.4. The product does not neutralize or incorrectly neutralizes output that is written to logs. The web application writes logs using a GET query string parameter. This parameter can be modified by an attacker, so that every action he performs is attributed to a different user. This can be exploited without authentication.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.gruppotim.it/it/footer/red-team.html

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-31845

Description

Affected Products

References