CVE-2024-38886

An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Traffic Injection attack due to improper verification of the source of a communication channel.
Configurations

Configuration 1 (hide)

cpe:2.3:a:horizoncloud:caterease:*:*:*:*:*:*:*:*

History

10 Sep 2024, 16:40

Type Values Removed Values Added
CWE NVD-CWE-Other
First Time Horizoncloud
Horizoncloud caterease
CPE cpe:2.3:a:horizoncloud:caterease:*:*:*:*:*:*:*:*
References () http://caterease.com - () http://caterease.com - Product
References () http://horizon.com - () http://horizon.com - Product
References () https://packetstormsecurity.com/files/179892/Caterease-Software-SQL-Injection-Command-Injection-Bypass.html - () https://packetstormsecurity.com/files/179892/Caterease-Software-SQL-Injection-Command-Injection-Bypass.html - Third Party Advisory
References () https://vuldb.com/?id.273370 - () https://vuldb.com/?id.273370 - VDB Entry

07 Aug 2024, 16:15

Type Values Removed Values Added
References
  • () https://packetstormsecurity.com/files/179892/Caterease-Software-SQL-Injection-Command-Injection-Bypass.html -

06 Aug 2024, 23:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CWE CWE-940

05 Aug 2024, 12:41

Type Values Removed Values Added
Summary
  • (es) Un problema en Horizon Business Services Inc. Caterease 16.0.1.1663 hasta 24.0.1.2405 y posiblemente versiones posteriores permite a un atacante remoto realizar un ataque de inyección de tráfico debido a una verificación inadecuada de la fuente de un canal de comunicación.

02 Aug 2024, 18:16

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-02 18:16

Updated : 2024-09-10 16:40


NVD link : CVE-2024-38886

Mitre link : CVE-2024-38886

CVE.ORG link : CVE-2024-38886


JSON object : View

Products Affected

horizoncloud

  • caterease
CWE
NVD-CWE-Other CWE-940

Improper Verification of Source of a Communication Channel