CVE-2024-31844

MEDIUM

Italtel Embrace 1.6.4 - Info Disclosure

Title source: llm

Description

An issue was discovered in Italtel Embrace 1.6.4. The server does not properly handle application errors. In some cases, this leads to a disclosure of information about the server. An unauthenticated user is able craft specific requests in order to make the application generate an error. Inside an error message, some information about the server is revealed, such as the absolute path of the source code of the application. This kind of information can help an attacker to perform other attacks against the system. This can be exploited without authentication.

References (1)

[Exploit, Third Party Advisory] https://www.gruppotim.it/it/footer/red-team.html

Scores

CVSS v3 5.3

EPSS 0.0011

EPSS Percentile 29.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-209

Status published

Products (1)

italtel/embrace 1.6.4

Published May 21, 2024

Tracked Since Feb 18, 2026