CVE-2024-31845
Published: 21 May 2024
Summary
CVE-2024-31845 is a medium-severity Improper Output Neutralization for Logs (CWE-117) vulnerability in Italtel Embrace. Its CVSS base score is 5.3 (Medium).
Operationally, ranked at the 37.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-29715
Vulnerability details
An issue was discovered in Italtel Embrace 1.6.4. The product does not neutralize or incorrectly neutralizes output that is written to logs. The web application writes logs using a GET query string parameter. This parameter can be modified by an…
more
attacker, so that every action he performs is attributed to a different user. This can be exploited without authentication.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.