Embrace Security Vulnerabilities and Issues — Embrace CVE List

Lucene search

ItaltelEmbrace

5 matches found

CVE•added 2024/05/23 7:16 p.m.•92 views

CVE-2024-31843

An issue was discovered in Italtel Embrace 1.6.4. The Web application does not properly check the parameters sent as input before they are processed on the server side. This allows authenticated users to execute commands on the Operating System.

4.1CVSS7.1AI score0.00056EPSS

CVE•added 2024/05/21 4:15 p.m.•75 views

CVE-2024-31844

An issue was discovered in Italtel Embrace 1.6.4. The server does not properly handle application errors. In some cases, this leads to a disclosure of information about the server. An unauthenticated user is able craft specific requests in order to make the application generate an error. Inside an ...

5.3CVSS6.6AI score0.00063EPSS

CVE•added 2024/05/21 4:15 p.m.•74 views

CVE-2024-31840

An issue was discovered in Italtel Embrace 1.6.4. The web application inserts cleartext passwords in the HTML source code. An authenticated user is able to edit the configuration of the email server. Once the user access the edit function, the web application fills the edit form with the current cr...

6.5CVSS6.5AI score0.0008EPSS

CVE•added 2024/05/21 4:15 p.m.•71 views

CVE-2024-31847

An issue was discovered in Italtel Embrace 1.6.4. A stored cross-site scripting (XSS) vulnerability allows authenticated and unauthenticated remote attackers to inject arbitrary web script or HTML into a GET parameter. This reflects/stores the user input without sanitization.

6.1CVSS5.4AI score0.00235EPSS

CVE•added 2024/05/21 4:15 p.m.•55 views

CVE-2024-31845

An issue was discovered in Italtel Embrace 1.6.4. The product does not neutralize or incorrectly neutralizes output that is written to logs. The web application writes logs using a GET query string parameter. This parameter can be modified by an attacker, so that every action he performs is attribu...

5.3CVSS6.7AI score0.00165EPSS