CVE-2024-31845

Name of the Vulnerable Software and Affected Versions Italtel Embrace version 1.6.4

Description An issue was discovered in the product where it does not neutralize or incorrectly neutralizes output that is written to logs. The web application writes logs using a GET query string parameter, which can be modified by an attacker to attribute every action they perform to a different user. This can be exploited without authentication.

Recommendations For Italtel Embrace version 1.6.4, consider restricting access to the logging functionality to prevent exploitation. As a temporary workaround, avoid using the GET query string parameter for logging until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.