Caterease Security Vulnerabilities and Issues — Caterease CVE List

Lucene search

HorizoncloudCaterease

11 matches found

CVE•added 2024/08/02 6:16 p.m.•29 views

CVE-2024-38884

An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a local attacker to perform an Authentication Bypass attack due to improperly implemented security checks for standard authentication mechanisms

7.8CVSS6.8AI score0.00085EPSS

CVE•added 2024/08/02 6:16 p.m.•26 views

CVE-2024-38882

An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform command line execution through SQL Injection due to improper neutralization of special elements used in an OS command.

9.8CVSS8.4AI score0.01851EPSS

CVE•added 2024/08/02 8:17 p.m.•26 views

CVE-2024-38888

An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a local attacker to perform a Password Brute Forcing attack due to improper restriction of excessive authentication attempts.

6.8CVSS7AI score0.00069EPSS

CVE•added 2024/08/02 8:17 p.m.•25 views

CVE-2024-38889

An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform SQL Injection due to improper neutralization of special elements used in an SQL command.

9.8CVSS8.3AI score0.00477EPSS

CVE•added 2024/08/02 6:16 p.m.•24 views

CVE-2024-38881

An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Rainbow Table Password cracking attack due to the use of one-way hashes without salts when storing user passwords.

7.5CVSS7.3AI score0.00167EPSS

CVE•added 2024/08/02 6:16 p.m.•24 views

CVE-2024-38886

An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Traffic Injection attack due to improper verification of the source of a communication channel.

9.8CVSS7.4AI score0.00882EPSS

CVE•added 2024/08/02 6:16 p.m.•23 views

CVE-2024-38885

An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform unauthorized access using known operating system credentials due to hardcoded SQL user credentials in the client application.

7.5CVSS7.9AI score0.00152EPSS

CVE•added 2024/08/02 9:16 p.m.•22 views

CVE-2024-38887

An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to expand control over the operating system from the database due to the execution of commands with unnecessary privileges.

9.8CVSS7AI score0.07674EPSS

CVE•added 2024/08/02 6:16 p.m.•20 views

CVE-2024-38883

An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Drop Encryption Level attack due to the selection of a less-secure algorithm during negotiation.

9.1CVSS7.1AI score0.00111EPSS

CVE•added 2024/08/02 3:16 p.m.•19 views

CVE-2024-38890

An issue in Horizon Business Services Inc. Caterease Software 16.0.1.1663 through 24.0.1.2405 and possibly later versions allows a local attacker to perform an Authentication Bypass by Capture-replay attack due to insufficient protection against capture-replay attacks.

8.4CVSS6.8AI score0.00071EPSS

CVE•added 2024/08/02 9:16 p.m.•16 views

CVE-2024-38891

An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Sniffing Network Traffic attack due to the cleartext transmission of sensitive information.

9.1CVSS6.7AI score0.00094EPSS