PT-2024-28258 · Horizon Business Services Inc. · Caterease

Published: 2024-08-02 · Updated: 2024-08-20 · CVE-2024-38887

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Horizon Business Services Inc. Caterease versions 16.0.1.1663 through 24.0.1.2405

Description: The issue allows a remote attacker to expand control over the operating system from the database due to the execution of commands with unnecessary privileges.

Recommendations: For versions 16.0.1.1663 through 24.0.1.2405, consider restricting database access to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2024-38887

Affected Products

Caterease