Lucene search

[email protected]NVD:CVE-2024-38889

HistoryAug 02, 2024 - 8:17 p.m.

CVE-2024-38889

2024-08-0220:17:00

CWE-78

CWE-89

[email protected]

web.nvd.nist.gov

sql injection

horizon business services inc. caterease

remote attacker

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.006

Percentile

78.7%

JSON

An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform SQL Injection due to improper neutralization of special elements used in an SQL command.

Affected configurations

Nvd

Node

horizoncloudcatereaseRange16.0.1.1663–24.0.1.2405

VendorProductVersionCPE
horizoncloudcaterease*cpe:2.3:a:horizoncloud:caterease:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
horizoncloud	caterease	*	cpe:2.3:a:horizoncloud:caterease::::::::

References

caterease.com

horizon.com

packetstormsecurity.com/files/179892/Caterease-Software-SQL-Injection-Command-Injection-Bypass.html

vuldb.com/?id.273373

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.006

Percentile

78.7%

JSON

Related for NVD:CVE-2024-38889

cvelist1 cve1 vulnrichment1