11 matches found
CVE-2024-38884
CVE-2024-38884 affects Horizon Business Services Inc. Caterease versions 16.0.1.1663–24.0.1.2405 (and possibly later). The issue arises from improperly implemented security checks for standard authentication mechanisms, enabling a local attacker to perform an authentication bypass. The connected ...
CVE-2024-38882
CVE-2024-38882 affects Horizon Business Services Inc. Caterease versions 16.0.1.1663–24.0.1.2405 (and possibly later). The issue is a remote command execution via SQL Injection caused by improper neutralization of special elements used in an OS command. Impact is high (remote, with high confident...
CVE-2024-38888
CVE-2024-38888 affects Horizon Business Services Inc. Caterease versions 16.0.1.1663 through 24.0.1.2405, where a flaw in restricting excessive authentication attempts enables a local attacker to perform a password brute force. The linked data records a CVSS v3.1 base score of 6.8 (Medium): Attac...
CVE-2024-38881
CVE-2024-38881 affects Horizon Business Services Inc. Caterease versions 16.0.1.1663 through 24.0.1.2405 and possibly later. The root cause is the storage of user passwords using one-way hashes without salts, enabling rainbow-table password cracking by a remote attacker. Reported across multiple ...
CVE-2024-38886
The CVE-2024-38886 entry concerns Horizon Business Services Inc. Caterease versions 16.0.1.1663 through 24.0.1.2405 (and possibly later versions). A remote attacker can perform a Traffic Injection attack due to improper verification of the source of a communication channel. The NVD/CNA records ra...
CVE-2024-38889
Horizon Business Services Inc. Caterease versions 16.0.1.1663 through 24.0.1.2405 (and possibly later) are affected by CVE-2024-38889 due to improper neutralization of SQL elements, enabling remote SQL Injection. The issue is documented across multiple sources (NVD/Red Hat/CVE lists and PT Securi...
CVE-2024-38885
CVE-2024-38885 affects Horizon Business Services Inc. Caterease (versions 16.0.1.1663–24.0.1.2405 and possibly later). The root cause is hardcoded SQL user credentials in the client application, enabling a remote attacker to perform unauthorized access using known operating system credentials ove...
CVE-2024-38883
Summary (CVE-2024-38883): Horizon Business Services Inc. Caterease v16.0.1.1663–v24.0.1.2405 (and possibly later) may be vulnerable to a remote, network-based attack due to negotiating with a less-secure encryption algorithm, enabling a Drop Encryption Level attack. The issue is described across ...
CVE-2024-38887
CVE-2024-38887 affects Horizon Business Services Inc. Caterease versions 16.0.1.1663–24.0.1.2405. The issue allows a remote attacker to expand control over the operating system from the database by executing commands with unnecessary privileges. Impact is described as total compromise in the sour...
CVE-2024-38890
CVE-2024-38890 affects Horizon Business Services Inc. Caterease Software versions 16.0.1.1663 through 24.0.1.2405 (potentially later) and enables a local attacker to bypass authentication via a capture-replay attack due to insufficient protection against capture-replay. The Red Hat, NVD, CVE reco...
CVE-2024-38891
CVE-2024-38891 affects Horizon Business Services Inc. Caterease versions 16.0.1.1663 through 24.0.1.2405 (and potentially later). The issue enables a remote attacker to sniff network traffic because sensitive information is transmitted in cleartext, with impact on confidentiality...