PT-2024-28256 · Horizon Business Services Inc. · Caterease

Published

2024-08-02

Updated

2024-08-05

CVE-2024-38885

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Horizon Business Services Inc. Caterease versions 16.0.1.1663 through 24.0.1.2405

Description The issue allows a remote attacker to perform unauthorized access using known operating system credentials due to hardcoded SQL user credentials in the client application.

Recommendations For versions 16.0.1.1663 through 24.0.1.2405, consider changing the hardcoded SQL user credentials in the client application to prevent unauthorized access. As a temporary workaround, restrict access to the client application until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-259

Related Identifiers

CVE-2024-38885

Affected Products

Caterease

PT-2024-28256 · Horizon Business Services Inc. · Caterease

CVE-2024-38885

Weakness Enumeration

Related Identifiers

Affected Products

References · 7