PT-2024-24241 · Italtel · Italtel Embrace

Fabio Romano +3

Published 2024-05-21 · Updated 2024-07-26

CVE-2024-31844

CVSS v3.1: 5.3 Medium

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Italtel Embrace version 1.6.4

Description: An issue was discovered where the server does not properly handle application errors, leading to disclosure of information about the server. An unauthenticated user can craft specific requests that make the application generate an error, revealing details such as the absolute path of the application's source code. Such details can help an attacker prepare further attacks against the system. The issue can be exploited without authentication.

Recommendations: For Italtel Embrace version 1.6.4, implement proper error handling so that an application error returns only a generic message to the client, while the detailed error output (including file paths) is written to server-side logs only. As a temporary workaround, restrict access to error messages to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
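The following added example is not Italtel's code and is not taken from the advisory; it models, in stdlib-only Python, the flaw class described above (an unhandled application error rendered into the HTTP response, exposing source file paths from the traceback), the hardened handler the recommendation calls for (generic message to the client, detail only in server-side logs), and a response check a tester can run over captured responses to flag such leaks. The handler names, the `page` parameter and the sample requests are hypothetical.

```python
"""Added example (hypothetical handlers, not Italtel Embrace code)."""
import logging
import re
import traceback
import uuid

log = logging.getLogger("app")

# Patterns that indicate a response is leaking server-side detail:
# POSIX absolute paths under common deployment roots, Windows drive
# paths, and Python-style traceback frames ("File ..., line N").
LEAK_PATTERNS = [
    re.compile(r'/(?:var|opt|home|srv|usr)/[^\s"\'<>]+'),
    re.compile(r'[A-Za-z]:\\[^\s"\'<>]+'),
    re.compile(r'File "[^"]+", line \d+'),
]


def leaks_server_info(body: str) -> list:
    """Return the substrings of `body` that look like server paths or stack frames.

    An empty list means the response passed the check.
    """
    hits = []
    for pat in LEAK_PATTERNS:
        hits.extend(m.group(0) for m in pat.finditer(body))
    return hits


def parse_page(query: dict) -> int:
    # Hypothetical business logic: int() raises ValueError on crafted
    # input such as ?page=abc, which is all an attacker needs here.
    return int(query.get("page", "1"))


def vulnerable_handler(query: dict) -> tuple:
    """Returns the raw traceback to the client (CWE-209 pattern).

    The traceback carries the absolute path of every source file in
    the call chain, which is exactly the disclosure the advisory describes.
    """
    try:
        return 200, "page %d" % parse_page(query)
    except Exception:
        return 500, traceback.format_exc()


def hardened_handler(query: dict) -> tuple:
    """Logs the detail server-side and returns only an opaque reference.

    Expected client errors get a 400 with no detail; anything unexpected
    gets a 500 carrying a correlation id an operator can grep for in logs.
    """
    try:
        return 200, "page %d" % parse_page(query)
    except ValueError:
        return 400, "Bad request"
    except Exception:
        incident = uuid.uuid4().hex
        log.exception("unhandled error, incident=%s", incident)
        return 500, "Internal error (ref %s)" % incident


if __name__ == "__main__":
    # Constructed sample request: a crafted, non-numeric page parameter.
    crafted = {"page": "abc"}
    for name, handler in (("vulnerable", vulnerable_handler),
                          ("hardened", hardened_handler)):
        status, body = handler(crafted)
        print(name, status, "leaks:", leaks_server_info(body))
```

`leaks_server_info` is the part worth reusing: run it over the bodies of responses to malformed requests (bad types, missing parameters, oversized values, unexpected methods) against a test instance, and any non-empty result is a finding of the same class as this advisory. The path prefixes in `LEAK_PATTERNS` are a starting set; extend them with the deployment root of the application under test.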

Weakness Enumeration

Generation of Error Message Containing Sensitive Information (CWE-209)

Related Identifiers

CVE-2024-31844

Affected Products

Italtel Embrace