Horizoncloud Caterease vulnerabilities
11 known vulnerabilities affecting horizoncloud/caterease.
Total CVEs: 11
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 5, MEDIUM 1
Vulnerabilities
CVE-2024-38882 | P2 | CRITICAL | CVSS 9.8 | CWE-78 | Affected: ≥ 16.0.1.1663, ≤ 24.0.1.2405 | 2024-08-02
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions allows a remote attacker to perform command line execution through SQL Injection due to improper neutralization of special elements used in an OS command.
Source: NVD
CVE-2024-38887 | P2 | CRITICAL | CVSS 9.8 | CWE-78 | Affected: ≥ 16.0.1.1663, ≤ 24.0.1.2405 | 2024-08-02
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions allows a remote attacker to expand control over the operating system from the database due to the execution of commands with unnecessary privileges.
Source: NVD
CVE-2024-38889 | P2 | CRITICAL | CVSS 9.8 | CWE-89 | Affected: ≥ 16.0.1.1663, ≤ 24.0.1.2405 | 2024-08-02
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions allows a remote attacker to perform SQL Injection due to improper neutralization of special elements used in an SQL command.
Source: NVD
CVE-2024-38886 | P3 | CRITICAL | CVSS 9.8 | CWE-940 | Affected: ≥ 16.0.1.1663, ≤ 24.0.1.2405 | 2024-08-02
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions allows a remote attacker to perform a Traffic Injection attack due to improper verification of the source of a communication channel.
Source: NVD
CVE-2024-38883 | P3 | CRITICAL | CVSS 9.1 | CWE-757 | Affected: ≥ 16.0.1.1663, ≤ 24.0.1.2405 | 2024-08-02
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions allows a remote attacker to perform a Drop Encryption Level attack due to the selection of a less-secure algorithm during negotiation.
Source: NVD
CVE-2024-38885 | P3 | HIGH | CVSS 7.5 | CWE-259 | Affected: ≥ 16.0.1.1663, ≤ 24.0.1.2405 | 2024-08-02
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions allows a remote attacker to perform unauthorized access using known operating system credentials due to hardcoded SQL user credentials in the client application.
Source: NVD
CVE-2024-38890 | P3 | HIGH | CVSS 8.4 | CWE-294 | Affected: ≥ 16.0.1.1663, ≤ 24.0.1.2405 | 2024-08-02
An issue in Horizon Business Services Inc. Caterease Software 16.0.1.1663 through 24.0.1.2405 and possibly later versions allows a local attacker to perform an Authentication Bypass by Capture-replay attack due to insufficient protection against capture-replay attacks.
Source: NVD
CVE-2024-38884 | P3 | HIGH | CVSS 7.8 | CWE-863 | Affected: ≥ 16.0.1.1663, ≤ 24.0.1.2405 | 2024-08-02
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions allows a local attacker to perform an Authentication Bypass attack due to improperly implemented security checks for standard authentication mechanisms.
Source: NVD
CVE-2024-38881 | P3 | HIGH | CVSS 7.5 | CWE-760 | Affected: ≥ 16.0.1.1663, ≤ 24.0.1.2405 | 2024-08-02
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions allows a remote attacker to perform a Rainbow Table Password cracking attack due to the use of one-way hashes without salts when storing user passwords.
Source: NVD
CVE-2024-38891 | P3 | HIGH | CVSS 7.5 | CWE-319 | Affected: ≥ 16.0.1.1663, ≤ 24.0.1.2405 | 2024-08-02
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions allows a remote attacker to perform a Sniffing Network Traffic attack due to the cleartext transmission of sensitive information.
Source: NVD
CVE-2024-38888 | P4 | MEDIUM | CVSS 6.8 | CWE-307 | Affected: ≥ 16.0.1.1663, ≤ 24.0.1.2405 | 2024-08-02
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions allows a local attacker to perform a Password Brute Forcing attack due to improper restriction of excessive authentication attempts.
Source: NVD