Vulnerabilities > CVE-2024-31842 - Unspecified vulnerability in Italtel Embrace 1.6.4

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

italtel

NVD

Published: 2024-08-20

Updated: 2024-10-29

Summary

An issue was discovered in Italtel Embrace 1.6.4. The web application inserts the access token of an authenticated user inside GET requests. The query string for the URL could be saved in the browser's history, passed through Referers to other web sites, stored in web logs, or otherwise recorded in other sources. If the query string contains sensitive information such as session identifiers, then attackers can use this information to launch further attacks. Because the access token in sent in GET requests, this vulnerability could lead to complete account takeover.

Vulnerable Configurations

Part	Description	Count
Application	Italtel Italtel Embrace 1.6.4	1

References

https://www.gruppotim.it/it/footer/red-team.html