CVE-2024-38890

HIGH

Horizoncloud Caterease < 24.0.1.2405 - Authentication Bypass

Title source: rule

Description

An issue in Horizon Business Services Inc. Caterease Software 16.0.1.1663 through 24.0.1.2405 and possibly later versions allows a local attacker to perform an Authentication Bypass by Capture-replay attack due to insufficient protection against capture-replay attacks.

References (2)

[Third Party Advisory] https://packetstormsecurity.com/files/179892/Caterease-Software-SQL-Injection-Command-Injection-Bypass.html

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.273374

Scores

CVSS v3 8.4

EPSS 0.0002

EPSS Percentile 5.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-294

Status published

Products (1)

horizoncloud/caterease 16.0.1.1663 - 24.0.1.2405

Published Aug 02, 2024

Tracked Since Feb 18, 2026