CVE-2024-38881 – Caterease SQL Injection / Command Injection / Bypass
https://notcve.org/view.php?id=CVE-2024-38881
02 Aug 2024 — An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Rainbow Table Password cracking attack due to the use of one-way hashes without salts when storing user passwords. This is the official vulnerability disclosure report for CVEs CVE-2024-38881 through CVE-2024-38891 by jTag Labs. This report details critical security vulnerabilities found within Caterease, a product of Horizon Business Services Inc. These vul... • http://caterease.com • CWE-760: Use of a One-Way Hash with a Predictable Salt •
CVE-2024-38890 – Caterease SQL Injection / Command Injection / Bypass
https://notcve.org/view.php?id=CVE-2024-38890
02 Aug 2024 — An issue in Horizon Business Services Inc. Caterease Software 16.0.1.1663 through 24.0.1.2405 and possibly later versions allows a local attacker to perform an Authentication Bypass by Capture-replay attack due to insufficient protection against capture-replay attacks. This is the official vulnerability disclosure report for CVEs CVE-2024-38881 through CVE-2024-38891 by jTag Labs. This report details critical security vulnerabilities found within Caterease, a product of Horizon Business Services Inc. These ... • https://vuldb.com/?id.273374 • CWE-294: Authentication Bypass by Capture-replay •
CVE-2024-38882 – Caterease SQL Injection / Command Injection / Bypass
https://notcve.org/view.php?id=CVE-2024-38882
02 Aug 2024 — An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform command line execution through SQL Injection due to improper neutralization of special elements used in an OS command. This is the official vulnerability disclosure report for CVEs CVE-2024-38881 through CVE-2024-38891 by jTag Labs. This report details critical security vulnerabilities found within Caterease, a product of Horizon Business Services Inc. These v... • http://caterease.com • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2024-38891 – Caterease SQL Injection / Command Injection / Bypass
https://notcve.org/view.php?id=CVE-2024-38891
02 Aug 2024 — An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Sniffing Network Traffic attack due to the cleartext transmission of sensitive information. This is the official vulnerability disclosure report for CVEs CVE-2024-38881 through CVE-2024-38891 by jTag Labs. This report details critical security vulnerabilities found within Caterease, a product of Horizon Business Services Inc. These vulnerabilities have signi... • http://caterease.com • CWE-319: Cleartext Transmission of Sensitive Information •
CVE-2024-38888 – Caterease SQL Injection / Command Injection / Bypass
https://notcve.org/view.php?id=CVE-2024-38888
02 Aug 2024 — An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a local attacker to perform a Password Brute Forcing attack due to improper restriction of excessive authentication attempts. This is the official vulnerability disclosure report for CVEs CVE-2024-38881 through CVE-2024-38891 by jTag Labs. This report details critical security vulnerabilities found within Caterease, a product of Horizon Business Services Inc. These vulnerabilities have si... • http://caterease.com • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVE-2024-38886 – Caterease SQL Injection / Command Injection / Bypass
https://notcve.org/view.php?id=CVE-2024-38886
02 Aug 2024 — An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Traffic Injection attack due to improper verification of the source of a communication channel. This is the official vulnerability disclosure report for CVEs CVE-2024-38881 through CVE-2024-38891 by jTag Labs. This report details critical security vulnerabilities found within Caterease, a product of Horizon Business Services Inc. These vulnerabilities have s... • http://caterease.com • CWE-940: Improper Verification of Source of a Communication Channel •
CVE-2024-38884 – Caterease SQL Injection / Command Injection / Bypass
https://notcve.org/view.php?id=CVE-2024-38884
02 Aug 2024 — An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a local attacker to perform an Authentication Bypass attack due to improperly implemented security checks for standard authentication mechanisms. This is the official vulnerability disclosure report for CVEs CVE-2024-38881 through CVE-2024-38891 by jTag Labs. This report details critical security vulnerabilities found within Caterease, a product of Horizon Business Services Inc. These vuln... • http://caterease.com • CWE-592: DEPRECATED: Authentication Bypass Issues •
CVE-2024-38883 – Caterease SQL Injection / Command Injection / Bypass
https://notcve.org/view.php?id=CVE-2024-38883
02 Aug 2024 — An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Drop Encryption Level attack due to the selection of a less-secure algorithm during negotiation. This is the official vulnerability disclosure report for CVEs CVE-2024-38881 through CVE-2024-38891 by jTag Labs. This report details critical security vulnerabilities found within Caterease, a product of Horizon Business Services Inc. These vulnerabilities have ... • http://caterease.com • CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') •
CVE-2024-38887 – Caterease SQL Injection / Command Injection / Bypass
https://notcve.org/view.php?id=CVE-2024-38887
02 Aug 2024 — An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to expand control over the operating system from the database due to the execution of commands with unnecessary privileges. This is the official vulnerability disclosure report for CVEs CVE-2024-38881 through CVE-2024-38891 by jTag Labs. This report details critical security vulnerabilities found within Caterease, a product of Horizon Business Services Inc. These vulnera... • http://caterease.com • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2024-38889 – Caterease SQL Injection / Command Injection / Bypass
https://notcve.org/view.php?id=CVE-2024-38889
02 Aug 2024 — An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform SQL Injection due to improper neutralization of special elements used in an SQL command. This is the official vulnerability disclosure report for CVEs CVE-2024-38881 through CVE-2024-38891 by jTag Labs. This report details critical security vulnerabilities found within Caterease, a product of Horizon Business Services Inc. These vulnerabilities have significan... • http://caterease.com • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •