An issue was discovered in Italtel Embrace 1.6.4. The product does not neutralize or incorrectly neutralizes output that is written to logs. The web application writes logs using a GET query string parameter. This parameter can be modified by an attacker, so that every action he performs is attributed to a different user. This can be exploited without authentication.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.gruppotim.it/it/footer/red-team.html |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-02T01:59:49.982Z
Reserved:
Link: CVE-2024-31845
Vulnrichment
Updated: 2024-08-02T01:59:49.982Z
NVD
Status : Awaiting Analysis
Published: 2024-05-21T16:15:26.103
Modified: 2024-11-21T09:14:00.490
Link: CVE-2024-31845
Redhat
No data.