| Title | Horizon Business Services Inc. Caterease Software 16.0.1.1663 through 24.0.1.2405 CWE-319: Cleartext Transmission of Sensitive Information |
|---|
| Description | NOTE - This submission shall be embargoed until 14:00 CET on 2024-08-01 - NOTE
CVE-2024-38891: An issue in Horizon Business Services Inc. Caterease Software allows a remote
attacker to perform a Sniffing Network Traffic attack due to the cleartext transmission of sensitive
information.
Vulnerability Type: CWE-319: Cleartext Transmission of Sensitive Information
Vendor of the Product: Horizon Business Services Inc.
Affected Product: Caterease Software
Affected Versions: 16.0.1.1663 through 24.0.1.2405
Attack Vector: Remote
Attack Type: CAPEC-158: Sniffing Network Traffic
Vulnerability Summary: Caterease Software leaks sensitive information, including user details, client
details, database details, and software license keys, in cleartext during the application's startup phase. This
vulnerability arises because the application transmits this information without encryption, making it
vulnerable to interception by attackers using network sniffing tools. The lack of encryption during data
transmission severely compromises the confidentiality of the transmitted information.
CVSS Base Score: High Risk - 7.4
CVSS v3.1 Vector: AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Exploitability Metrics
Attack Vector (AV): Adjacent Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Changed
Impact Metrics
Confidentiality (C): High
Integrity (I): None
Availability (A): None
|
|---|
| User | jTag Labs (UID 51246) |
|---|
| Submission | 30/07/2024 05:22 PM (2 years ago) |
|---|
| Moderation | 01/08/2024 02:15 PM (2 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 273375 [Horizon Business Services Caterease up to 24.0.1.2405 weak encryption] |
|---|
| Points | 17 |
|---|