Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2024-31844
HistoryMay 21, 2024 - 4:15 p.m.

CVE-2024-31844

2024-05-2116:15:26
CWE-209
mitre
web.nvd.nist.gov
53
italtel embrace
information disclosure
server security
unauthenticated access
error handling

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.6

Confidence

Low

JSON

An issue was discovered in Italtel Embrace 1.6.4. The server does not properly handle application errors. In some cases, this leads to a disclosure of information about the server. An unauthenticated user is able craft specific requests in order to make the application generate an error. Inside an error message, some information about the server is revealed, such as the absolute path of the source code of the application. This kind of information can help an attacker to perform other attacks against the system. This can be exploited without authentication.

Affected configurations

Nvd
Node
italtelembraceMatch1.6.4
VendorProductVersionCPE
italtelembrace1.6.4cpe:2.3:a:italtel:embrace:1.6.4:*:*:*:*:*:*:*

Related

vulnrichment 1
nvd 1
cvelist 1
vulnrichment
vulnrichment
CVE-2024-31844
1976-01-01 00:00:00
nvd
nvd
CVE-2024-31844
2024-05-21 16:15:26
cvelist
cvelist
CVE-2024-31844
1976-01-01 00:00:00

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.6

Confidence

Low

JSON
Related for CVE-2024-31844
vulnrichment1nvd1cvelist1