CVE-2024-38885

HIGH

Horizon Business Services Inc. Caterease <24.0.1.2405 - Privilege E...

Title source: llm
STIX 2.1

Description

An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform unauthorized access using known operating system credentials due to hardcoded SQL user credentials in the client application.

References (3)

Scores

CVSS v3 7.5
EPSS 0.0018
EPSS Percentile 39.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-259
Status published
Products (1)
horizoncloud/caterease 16.0.1.1663 - 24.0.1.2405
Published Aug 02, 2024
Tracked Since Feb 18, 2026