Italtel Embrace

Italtel Embrace 1.6.4 GET Token Leak Leads to Account Takeover
CVE-2024-31842 8.8 - High - August 20, 2024

An issue was discovered in Italtel Embrace 1.6.4. The web application inserts the access token of an authenticated user inside GET requests. The query string for the URL could be saved in the browser's history, passed through Referers to other web sites, stored in web logs, or otherwise recorded in other sources. If the query string contains sensitive information such as session identifiers, then attackers can use this information to launch further attacks. Because the access token in sent in GET requests, this vulnerability could lead to complete account takeover.

Italtel Embrace 1.6.4: Auth OS Command Injection
CVE-2024-31843 - May 23, 2024

An issue was discovered in Italtel Embrace 1.6.4. The Web application does not properly check the parameters sent as input before they are processed on the server side. This allows authenticated users to execute commands on the Operating System.

Stored XSS in Italtel Embrace 1.6.4 via GET param
CVE-2024-31847 6.1 - Medium - May 21, 2024

An issue was discovered in Italtel Embrace 1.6.4. A stored cross-site scripting (XSS) vulnerability allows authenticated and unauthenticated remote attackers to inject arbitrary web script or HTML into a GET parameter. This reflects/stores the user input without sanitization.

XSS

Italtel Embrace 1.6.4 Path Disclosure via Error Handling
CVE-2024-31844 5.3 - Medium - May 21, 2024

An issue was discovered in Italtel Embrace 1.6.4. The server does not properly handle application errors. In some cases, this leads to a disclosure of information about the server. An unauthenticated user is able craft specific requests in order to make the application generate an error. Inside an error message, some information about the server is revealed, such as the absolute path of the source code of the application. This kind of information can help an attacker to perform other attacks against the system. This can be exploited without authentication.

Generation of Error Message Containing Sensitive Information

Italtel Embrace 1.6.4 UI Reveals Cleartext Email Password
CVE-2024-31840 6.5 - Medium - May 21, 2024

An issue was discovered in Italtel Embrace 1.6.4. The web application inserts cleartext passwords in the HTML source code. An authenticated user is able to edit the configuration of the email server. Once the user access the edit function, the web application fills the edit form with the current credentials for the email account, including the cleartext password.

Cleartext Storage of Sensitive Information

Italtel Embrace 1.6.4 Log Injection via GET Parameter Exposes User Attribution
CVE-2024-31845 - May 21, 2024

An issue was discovered in Italtel Embrace 1.6.4. The product does not neutralize or incorrectly neutralizes output that is written to logs. The web application writes logs using a GET query string parameter. This parameter can be modified by an attacker, so that every action he performs is attributed to a different user. This can be exploited without authentication.

Italtel Embrace 1.6.4: Unauthorized Access Vulnerability
CVE-2024-31846 - April 19, 2024

An issue was discovered in Italtel Embrace 1.6.4. The web application does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Italtel Embrace 1.6.4: Unauth Remote LFI via Unsanitized Input
CVE-2024-31841 - April 19, 2024

An issue was discovered in Italtel Embrace 1.6.4. The web server fails to sanitize input data, allowing remote unauthenticated attackers to read arbitrary files on the filesystem.