An issue was discovered in Italtel Embrace 1.6.4. The web application inserts cleartext passwords in the HTML source code. An authenticated user is able to edit the configuration of the email server. Once the user access the edit function, the web application fills the edit form with the current credentials for the email account, including the cleartext password.
References
Link | Resource |
---|---|
https://www.gruppotim.it/it/footer/red-team.html | Exploit Third Party Advisory |
Configurations
History
26 Jul 2024, 19:12
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
CWE | CWE-312 CWE-319 |
|
Summary |
|
|
First Time |
Italtel embrace
Italtel |
|
References | () https://www.gruppotim.it/it/footer/red-team.html - Exploit, Third Party Advisory | |
CPE | cpe:2.3:a:italtel:embrace:1.6.4:*:*:*:*:*:*:* |
21 May 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-05-21 16:15
Updated : 2024-07-26 19:12
NVD link : CVE-2024-31840
Mitre link : CVE-2024-31840
CVE.ORG link : CVE-2024-31840
JSON object : View
Products Affected
italtel
- embrace