cve-2024-31840
Vulnerability from cvelistv5
Published
Modified
2024-08-08 13:43
Severity
Summary
An issue was discovered in Italtel Embrace 1.6.4. The web application inserts cleartext passwords in the HTML source code. An authenticated user is able to edit the configuration of the email server. Once the user access the edit function, the web application fills the edit form with the current credentials for the email account, including the cleartext password.
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | https://www.gruppotim.it/it/footer/red-team.html | Exploit, Third Party Advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:59:49.780Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.gruppotim.it/it/footer/red-team.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:italtel:embrace:1.6.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "embrace",
"vendor": "italtel",
"versions": [
{
"status": "affected",
"version": "1.6.4"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31840",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T17:51:14.931339Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T13:43:54.079Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Italtel Embrace 1.6.4. The web application inserts cleartext passwords in the HTML source code. An authenticated user is able to edit the configuration of the email server. Once the user access the edit function, the web application fills the edit form with the current credentials for the email account, including the cleartext password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-21T15:32:38.274109",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.gruppotim.it/it/footer/red-team.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-31840",
"dateUpdated": "2024-08-08T13:43:54.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-31840\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2024-05-21T16:15:25.943\",\"lastModified\":\"2024-07-26T19:12:02.190\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in Italtel Embrace 1.6.4. The web application inserts cleartext passwords in the HTML source code. An authenticated user is able to edit the configuration of the email server. Once the user access the edit function, the web application fills the edit form with the current credentials for the email account, including the cleartext password.\"},{\"lang\":\"es\",\"value\":\"Se descubri\u00f3 un problema en Italtel Embrace 1.6.4. La aplicaci\u00f3n web inserta contrase\u00f1as de texto plano en el c\u00f3digo fuente HTML. Un usuario autenticado puede editar la configuraci\u00f3n del servidor de correo electr\u00f3nico. Una vez que el usuario accede a la funci\u00f3n de edici\u00f3n, la aplicaci\u00f3n web completa el formulario de edici\u00f3n con las credenciales actuales de la cuenta de correo electr\u00f3nico, incluida la contrase\u00f1a en texto plano.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-312\"},{\"lang\":\"en\",\"value\":\"CWE-319\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:italtel:embrace:1.6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3469B5CE-AB48-497A-94DF-820F97DB88B3\"}]}]}],\"references\":[{\"url\":\"https://www.gruppotim.it/it/footer/red-team.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
}
}
Loading...