Submit #383225: Horizon Business Services Inc. Caterease Software 16.0.1.1663 through 24.0.1.2405 CWE-259: Use of Hard-coded Password

Title: Horizon Business Services Inc. Caterease Software 16.0.1.1663 through 24.0.1.2405 CWE-259: Use of Hard-coded Password
Description: NOTE - This submission shall be embargoed until 14:00 CET on 2024-08-01 - NOTE

CVE-2024-38885: An issue in Horizon Business Services Inc. Caterease Software allows a remote attacker to gain unauthorized access using known credentials, because SQL user credentials are hard-coded in the client application.

Vulnerability Type: CWE-259: Use of Hard-coded Password
Vendor of the Product: Horizon Business Services Inc.
Affected Product: Caterease Software
Affected Versions: 16.0.1.1663 through 24.0.1.2405
Attack Vector: Remote
Attack Type: CAPEC-653: Use of Known Operating System Credentials

Vulnerability Summary: Caterease Software contains hard-coded SQL user credentials within the client application. The credentials are embedded in the software and are identical across every installation, which makes them a single point of failure. An attacker who gains access to the client application can extract the hard-coded credentials and use them to log in to any Caterease Software SQL database. The SQL user associated with these credentials is a member of the DBO group (the db_owner role), which grants it elevated privileges within the SQL server. Once attackers hold the credentials, they can access and control the entire SQL server: read and exfiltrate sensitive data, modify or delete database records, and execute arbitrary SQL commands. This vulnerability severely impacts the confidentiality, integrity, and availability of the database.

CVSS Base Score: 8.8 (High Risk)
CVSS v3.1 Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability Metrics: Attack Vector (AV): Adjacent Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None; Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High; Integrity (I): High; Availability (A): High
User: jTag Labs (UID 51246)
Submission: 2024-07-30 16:55 (2 years ago)
Moderation: 2024-08-01 14:15 (2 days later)
Status: Accepted
VulDB Entry: 273369 [Horizon Business Services Caterease up to 24.0.1.2405 SQL User weak authentication]
Points: 17
