| Title | Horizon Business Services Inc. Caterease Software 16.0.1.1663 through 24.0.1.2405 CWE-250: Execution with Unnecessary Privileges |
|---|
| Description | NOTE: This submission is embargoed until 14:00 CET on 2024-08-01.
CVE-2024-38887: An issue in Horizon Business Services Inc. Caterease Software allows a remote
attacker to expand control over the operating system from the database due to the execution of
commands with unnecessary privileges.
Vulnerability Type: CWE-250: Execution with Unnecessary Privileges
Vendor of the Product: Horizon Business Services Inc.
Affected Product: Caterease Software
Affected Versions: 16.0.1.1663 through 24.0.1.2405
Attack Vector: Remote
Attack Type: CAPEC-470: Expanding Control over the Operating System from the Database
Vulnerability Summary: Caterease Software grants excessive privileges to the default Caterease SQL login by making it a member of the dbo (db_owner) role in the SQL Server database. That role gives full administrative control of the Caterease Software database, and the advisory reports that the same login has equivalent administrative access to every other database on the SQL Server instance. (db_owner membership is scoped to a single database, so access of that breadth implies that the login owns those databases or holds a server-level role such as sysadmin; either way the effect is the same.) Because the client connects with this one over-privileged login, any action performed by the Caterease Software client, regardless of the actual user's privileges within the application, is executed with administrative-level permissions in SQL Server.
An attacker who exploits this can execute unauthorized commands with full administrative rights, leading to unauthorized access to sensitive data, data manipulation, and potential compromise of the host (CAPEC-470: the database becomes the foothold for expanding control over the operating system). The attacker can read, modify, or delete critical data, create new logins with elevated privileges, and execute arbitrary SQL that disrupts database operations. This severely impacts the confidentiality, integrity, and availability of the SQL Server instance and all of its databases. Remediation is to stop mapping the application login to dbo/db_owner (and any server-level role) and instead grant it a dedicated role carrying only the permissions the client actually needs.
CVSS v3.1 Base Score: 9.6 (Critical)
CVSS v3.1 Vector: AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Exploitability Metrics
Attack Vector (AV): Adjacent Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Changed
Impact Metrics
Confidentiality (C): High
Integrity (I): High
Availability (A): High |
|---|
| User | jTag Labs (UID 51246) |
|---|
| Submission | 30/07/2024 16:57 (2 years ago) |
|---|
| Moderation | 01/08/2024 14:15 (2 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 273371 [Horizon Business Services Caterease up to 24.0.1.2405 SQL User Privilege Escalation] |
|---|
| Points | 17 |
|---|
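The following T-SQL is an added example, not code from the advisory, the vendor, or VulDB. It shows how to verify on a SQL Server instance whether an application login holds the kind of privilege the vulnerability summary describes (server-level roles, database ownership, and db_owner membership in every database), and then sketches the least-privilege replacement the summary calls for. The login name caterease_app, the database name Caterease, the dbo schema and the DML-only permission set are assumptions; the advisory does not name the real login, database or the objects the client touches.

```sql
-- Added example (not from the advisory or the vendor). All names are assumptions:
-- the real Caterease login and database names are not given in the advisory.
DECLARE @login sysname = N'caterease_app';   -- assumed application login

-- 1. Server-level roles. sysadmin membership maps the login to dbo in every
--    database, which is the usual reason a single account is "dbo everywhere".
SELECT m.name AS login_name, r.name AS server_role
FROM sys.server_role_members AS srm
JOIN sys.server_principals AS r ON r.principal_id = srm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = srm.member_principal_id
WHERE m.name = @login;

-- 2. Databases owned by the login: the owner is mapped to the dbo user.
SELECT name AS owned_database
FROM sys.databases
WHERE owner_sid = SUSER_SID(@login);

-- 3. db_owner membership. db_owner is scoped to one database, so every online
--    database has to be visited to find all of them.
DECLARE @db sysname, @sql nvarchar(max);
DECLARE dbs CURSOR LOCAL FAST_FORWARD FOR
    SELECT name FROM sys.databases WHERE state_desc = N'ONLINE';
OPEN dbs;
FETCH NEXT FROM dbs INTO @db;
WHILE @@FETCH_STATUS = 0
BEGIN
    SET @sql = N'USE ' + QUOTENAME(@db) + N';
        SELECT DB_NAME() AS database_name, u.name AS database_user, r.name AS database_role
        FROM sys.database_principals AS u
        JOIN sys.database_role_members AS drm ON drm.member_principal_id = u.principal_id
        JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
        WHERE u.sid = SUSER_SID(@login) AND r.name = N''db_owner'';';
    EXEC sp_executesql @sql, N'@login sysname', @login = @login;
    FETCH NEXT FROM dbs INTO @db;
END;
CLOSE dbs;
DEALLOCATE dbs;

-- 4. Remediation sketch: one database, one application role, only the DML the
--    client needs. Database name, schema and permission set are assumptions;
--    adjust them to what the Caterease client actually uses.
USE Caterease;                                        -- assumed database name
ALTER AUTHORIZATION ON DATABASE::Caterease TO sa;     -- owner is no longer the app login
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'caterease_app')
    CREATE USER caterease_app FOR LOGIN caterease_app; -- needed once it stops being dbo
CREATE ROLE caterease_app_role;
GRANT SELECT, INSERT, UPDATE, DELETE ON SCHEMA::dbo TO caterease_app_role;
ALTER ROLE caterease_app_role ADD MEMBER caterease_app;
ALTER ROLE db_owner DROP MEMBER caterease_app;        -- only if step 3 listed it
ALTER SERVER ROLE sysadmin DROP MEMBER caterease_app; -- only if step 1 listed it
```

Steps 1 to 3 are read-only and need a sysadmin (or equivalent) connection to see every database. Run step 4 only after confirming what the client actually executes: if the application performs DDL at runtime (schema upgrades, for instance), dropping it from db_owner will break that path, and those statements need to be granted explicitly or moved to an administrative account instead.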