Italtel S.p.A.
Products
3- 8 CVEs
- 4 CVEs
- 3 CVEs
Recent CVEs
15| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-28805 | Cri | 0.59 | 9.1 | 0.00 | Jul 29, 2024 | An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. There is Incorrect Access Control. | ||
| CVE-2022-39811 | Cri | 0.59 | 9.1 | 0.01 | Jan 27, 2023 | Italtel NetMatch-S CI 5.2.0-20211008 has incorrect Access Control under NMSCI-WebGui/advancedsettings.jsp and NMSCIWebGui/SaveFileUploader. By not verifying permissions for access to resources, it allows an attacker to view pages that are not allowed, and modify the system… | ||
| CVE-2024-31842 | Hig | 0.57 | 8.8 | 0.00 | Aug 20, 2024 | An issue was discovered in Italtel Embrace 1.6.4. The web application inserts the access token of an authenticated user inside GET requests. The query string for the URL could be saved in the browser's history, passed through Referers to other web sites, stored in web logs, or… | ||
| CVE-2024-28806 | Hig | 0.49 | 7.5 | 0.01 | Jul 29, 2024 | An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. Remote unauthenticated attackers can upload files at an arbitrary path. | ||
| CVE-2024-31846 | Hig | 0.49 | 7.5 | 0.01 | Apr 19, 2024 | An issue was discovered in Italtel Embrace 1.6.4. The web application does not restrict or incorrectly restricts access to a resource from an unauthorized actor. | ||
| CVE-2024-31841 | Hig | 0.49 | 7.5 | 0.01 | Apr 19, 2024 | An issue was discovered in Italtel Embrace 1.6.4. The web server fails to sanitize input data, allowing remote unauthenticated attackers to read arbitrary files on the filesystem. | ||
| CVE-2022-39812 | Hig | 0.49 | 7.5 | 0.01 | Jan 27, 2023 | Italtel NetMatch-S CI 5.2.0-20211008 allows Absolute Path Traversal under NMSCI-WebGui/SaveFileUploader. An unauthenticated user can upload files to an arbitrary path. An attacker can change the uploadDir parameter in a POST request (not possible using the GUI) to an arbitrary… | ||
| CVE-2024-28804 | Hig | 0.46 | 7.1 | 0.00 | Jul 29, 2024 | An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. Stored Cross-site scripting (XSS) can occur via POST. | ||
| CVE-2024-31840 | Med | 0.42 | 6.5 | 0.00 | May 21, 2024 | An issue was discovered in Italtel Embrace 1.6.4. The web application inserts cleartext passwords in the HTML source code. An authenticated user is able to edit the configuration of the email server. Once the user access the edit function, the web application fills the edit form… | ||
| CVE-2024-28803 | Med | 0.40 | 6.1 | 0.00 | Mar 13, 2025 | Cross-site scripting (XSS) vulnerability in Italtel S.p.A. i-MCS NFV v.12.1.0-20211215 allows unauthenticated remote attackers to inject arbitrary web script or HTML into HTTP/POST parameter | ||
| CVE-2024-31847 | Med | 0.40 | 6.1 | 0.00 | May 21, 2024 | An issue was discovered in Italtel Embrace 1.6.4. A stored cross-site scripting (XSS) vulnerability allows authenticated and unauthenticated remote attackers to inject arbitrary web script or HTML into a GET parameter. This reflects/stores the user input without sanitization. | ||
| CVE-2022-39813 | Med | 0.40 | 6.1 | 0.00 | Jan 27, 2023 | Italtel NetMatch-S CI 5.2.0-20211008 allows Multiple Reflected/Stored XSS issues under NMSCIWebGui/j_security_check via the j_username parameter, or NMSCIWebGui/actloglineview.jsp via the name or actLine parameter. An attacker leveraging this vulnerability could inject arbitrary… | ||
| CVE-2024-31845 | Med | 0.34 | 5.3 | 0.00 | May 21, 2024 | An issue was discovered in Italtel Embrace 1.6.4. The product does not neutralize or incorrectly neutralizes output that is written to logs. The web application writes logs using a GET query string parameter. This parameter can be modified by an attacker, so that every action he… | ||
| CVE-2024-31844 | Med | 0.34 | 5.3 | 0.01 | May 21, 2024 | An issue was discovered in Italtel Embrace 1.6.4. The server does not properly handle application errors. In some cases, this leads to a disclosure of information about the server. An unauthenticated user is able craft specific requests in order to make the application generate… | ||
| CVE-2024-31843 | Med | 0.27 | 4.1 | 0.01 | May 23, 2024 | An issue was discovered in Italtel Embrace 1.6.4. The Web application does not properly check the parameters sent as input before they are processed on the server side. This allows authenticated users to execute commands on the Operating System. |
- risk 0.59cvss 9.1epss 0.00
An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. There is Incorrect Access Control.
- risk 0.59cvss 9.1epss 0.01
Italtel NetMatch-S CI 5.2.0-20211008 has incorrect Access Control under NMSCI-WebGui/advancedsettings.jsp and NMSCIWebGui/SaveFileUploader. By not verifying permissions for access to resources, it allows an attacker to view pages that are not allowed, and modify the system…
- risk 0.57cvss 8.8epss 0.00
An issue was discovered in Italtel Embrace 1.6.4. The web application inserts the access token of an authenticated user inside GET requests. The query string for the URL could be saved in the browser's history, passed through Referers to other web sites, stored in web logs, or…
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. Remote unauthenticated attackers can upload files at an arbitrary path.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in Italtel Embrace 1.6.4. The web application does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in Italtel Embrace 1.6.4. The web server fails to sanitize input data, allowing remote unauthenticated attackers to read arbitrary files on the filesystem.
- risk 0.49cvss 7.5epss 0.01
Italtel NetMatch-S CI 5.2.0-20211008 allows Absolute Path Traversal under NMSCI-WebGui/SaveFileUploader. An unauthenticated user can upload files to an arbitrary path. An attacker can change the uploadDir parameter in a POST request (not possible using the GUI) to an arbitrary…
- risk 0.46cvss 7.1epss 0.00
An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. Stored Cross-site scripting (XSS) can occur via POST.
- risk 0.42cvss 6.5epss 0.00
An issue was discovered in Italtel Embrace 1.6.4. The web application inserts cleartext passwords in the HTML source code. An authenticated user is able to edit the configuration of the email server. Once the user access the edit function, the web application fills the edit form…
- risk 0.40cvss 6.1epss 0.00
Cross-site scripting (XSS) vulnerability in Italtel S.p.A. i-MCS NFV v.12.1.0-20211215 allows unauthenticated remote attackers to inject arbitrary web script or HTML into HTTP/POST parameter
- risk 0.40cvss 6.1epss 0.00
An issue was discovered in Italtel Embrace 1.6.4. A stored cross-site scripting (XSS) vulnerability allows authenticated and unauthenticated remote attackers to inject arbitrary web script or HTML into a GET parameter. This reflects/stores the user input without sanitization.
- risk 0.40cvss 6.1epss 0.00
Italtel NetMatch-S CI 5.2.0-20211008 allows Multiple Reflected/Stored XSS issues under NMSCIWebGui/j_security_check via the j_username parameter, or NMSCIWebGui/actloglineview.jsp via the name or actLine parameter. An attacker leveraging this vulnerability could inject arbitrary…
- risk 0.34cvss 5.3epss 0.00
An issue was discovered in Italtel Embrace 1.6.4. The product does not neutralize or incorrectly neutralizes output that is written to logs. The web application writes logs using a GET query string parameter. This parameter can be modified by an attacker, so that every action he…
- risk 0.34cvss 5.3epss 0.01
An issue was discovered in Italtel Embrace 1.6.4. The server does not properly handle application errors. In some cases, this leads to a disclosure of information about the server. An unauthenticated user is able craft specific requests in order to make the application generate…
- risk 0.27cvss 4.1epss 0.01
An issue was discovered in Italtel Embrace 1.6.4. The Web application does not properly check the parameters sent as input before they are processed on the server side. This allows authenticated users to execute commands on the Operating System.