Submit #383232: Horizon Business Services Inc. Caterease Software 16.0.1.1663 through 24.0.1.2405 CWE-319: Cleartext Transmission of Sensitive Information

Title: Horizon Business Services Inc. Caterease Software 16.0.1.1663 through 24.0.1.2405 CWE-319: Cleartext Transmission of Sensitive Information

Description:

NOTE - This submit shall be embargoed until 14:00 CET on 2024-08-01 - NOTE

CVE-2024-38891: An issue in Horizon Business Services Inc. Caterease Software allows a remote attacker to perform a Sniffing Network Traffic attack due to the cleartext transmission of sensitive information.

Vulnerability Type: CWE-319: Cleartext Transmission of Sensitive Information
Vendor of the Product: Horizon Business Services Inc.
Affected Product: Caterease Software
Affected Versions: 16.0.1.1663 through 24.0.1.2405
Attack Vector: Remote
Attack Type: CAPEC-158: Sniffing Network Traffic

Vulnerability Summary: Caterease Software leaks sensitive information, including user details, client details, database details, and software license keys, in cleartext during the application's startup phase. This vulnerability arises because the application transmits this information without encryption, making it vulnerable to interception by attackers using network sniffing tools. The lack of encryption during data transmission severely compromises the confidentiality of the transmitted information.

CVSS Base Score: High Risk - 7.4
CVSS v3.1 Vector: AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Exploitability Metrics
Attack Vector (AV): Adjacent Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Changed

Impact Metrics
Confidentiality (C): High
Integrity (I): None
Availability (A): None
User: jTag Labs (UID 51246)
Submission: 30/07/2024 05:22 PM (2 years ago)
Moderation: 01/08/2024 02:15 PM (2 days later)
Status: Accepted
VulDB entry: 273375 [Horizon Business Services Caterease up to 24.0.1.2405 weak encryption]
Points: 17
