Submit #383229: Horizon Business Services Inc. Caterease Software 16.0.1.1663 through 24.0.1.2405 CWE-89: Improper Neutralization of Special Elements used in an S

Information

Title: Horizon Business Services Inc. Caterease Software 16.0.1.1663 through 24.0.1.2405 CWE-89: Improper Neutralization of Special Elements used in an S
Description: NOTE - This submission shall be embargoed until 14:00 CET on 2024-08-01 - NOTE

CVE-2024-38889: An issue in Horizon Business Services Inc. Caterease Software allows a remote attacker to perform SQL Injection due to improper neutralization of special elements used in an SQL command.

Vulnerability Type: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Vendor of the Product: Horizon Business Services Inc.
Affected Product: Caterease Software
Affected Versions: 16.0.1.1663 through 24.0.1.2405
Attack Vector: Remote
Attack Type: CAPEC-66: SQL Injection \ CAPEC-594: Traffic Injection

Vulnerability Summary: Caterease Software is vulnerable to SQL Injection due to improper neutralization of special elements in SQL commands. This vulnerability allows attackers to exploit the software by injecting malicious SQL queries through TCP packet injection techniques. Attackers can craft custom TDS payloads that bypass normal input validation and execute arbitrary SQL commands on the database. By exploiting this vulnerability, attackers can gain unauthorized access to the SQL database, manipulate or delete data, and disrupt database services. This can lead to significant security breaches, including the exposure of sensitive information, unauthorized data modification, and denial of service. The ability to execute arbitrary SQL commands compromises the confidentiality, integrity, and availability of the SQL database.

CVSS Base Score: Critical Risk - 9.6
CVSS v3.1 Vector: AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Exploitability Metrics
Attack Vector (AV): Adjacent Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Changed

Impact Metrics
Confidentiality (C): High
Integrity (I): High
Availability (A): High
User: jTag Labs (UID 51246)
Submission: 30.07.2024 16:59 (2 years ago)
Moderation: 01.08.2024 14:15 (2 days later)
Status: accepted
VulDB Entry: 273373 [Horizon Business Services Caterease up to 24.0.1.2405 TCP Packet SQL Injection]
Points: 17
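The summary above describes a fat client that checks input locally and then ships SQL text to the database over TDS; an attacker who can write TDS packets never passes through that check. The following script is an added example, not code from the jTag Labs submission or from Caterease, that models exactly that gap. Assumptions are labelled in the code: the TDS framing is the minimal 8-byte header plus UCS-2LE text (the TDS 7.2+ ALL_HEADERS block, login and TLS are left out), sqlite3 stands in for SQL Server, and the `events` table and its rows are constructed for the demo.

```python
import sqlite3
import struct

# TDS packet header constants (MS-TDS): type 0x01 = SQL batch, status 0x01 = end of message.
TDS_SQL_BATCH = 0x01
TDS_STATUS_EOM = 0x01
TDS_HEADER_FMT = ">BBHHBB"  # type, status, length, SPID, packet id, window (network byte order)


def build_sql_batch(sql: str, spid: int = 0, packet_id: int = 1) -> bytes:
    """Wrap a T-SQL batch in a minimal TDS packet: 8-byte header + UCS-2LE text.

    Simplification (assumption): the TDS 7.2+ ALL_HEADERS block, the login sequence and
    TLS are omitted; this is the smallest framing a server would parse as SQL text.
    """
    payload = sql.encode("utf-16-le")
    length = struct.calcsize(TDS_HEADER_FMT) + len(payload)
    header = struct.pack(TDS_HEADER_FMT, TDS_SQL_BATCH, TDS_STATUS_EOM, length, spid, packet_id, 0)
    return header + payload


def parse_sql_batch(packet: bytes) -> str:
    """Decode a single-packet SQL batch and return the T-SQL text the server would run."""
    hdr_len = struct.calcsize(TDS_HEADER_FMT)
    ptype, status, length, _spid, _pid, _window = struct.unpack(TDS_HEADER_FMT, packet[:hdr_len])
    if ptype != TDS_SQL_BATCH:
        raise ValueError(f"not a SQL batch packet: type 0x{ptype:02x}")
    if status != TDS_STATUS_EOM:
        raise ValueError("multi-packet batches are out of scope for this example")
    if length != len(packet):
        raise ValueError("header length does not match packet size")
    return packet[hdr_len:].decode("utf-16-le")


def make_db() -> sqlite3.Connection:
    """Constructed stand-in for the catering database (sqlite3 instead of SQL Server)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE events (id INTEGER PRIMARY KEY, name TEXT, client TEXT)")
    conn.executemany(
        "INSERT INTO events (name, client) VALUES (?, ?)",
        [("Gala Dinner", "Acme Corp"), ("Board Retreat", "Initech")],
    )
    return conn


def client_side_validate(value: str) -> str:
    """The kind of check a desktop client applies before building its query (hypothetical)."""
    if "'" in value or ";" in value or "--" in value:
        raise ValueError("input rejected by client-side filter")
    return value


def vulnerable_lookup(event_name: str) -> bytes:
    """Client concatenates the (validated) value into the batch it sends over TDS."""
    sql = f"SELECT id, name, client FROM events WHERE name = '{client_side_validate(event_name)}'"
    return build_sql_batch(sql)


def server_execute(conn: sqlite3.Connection, packet: bytes) -> list:
    """The database executes whatever text arrived; it cannot know what the client checked."""
    return conn.execute(parse_sql_batch(packet)).fetchall()


def safe_lookup(conn: sqlite3.Connection, event_name: str) -> list:
    """Parameterized query: the value travels as data, never as part of the SQL text."""
    return conn.execute(
        "SELECT id, name, client FROM events WHERE name = ?", (event_name,)
    ).fetchall()


def demo() -> dict:
    conn = make_db()
    attack = "x' OR '1'='1"
    out = {}
    # 1. Through the real client, the local filter catches the quote.
    try:
        vulnerable_lookup(attack)
        out["client_blocked"] = False
    except ValueError:
        out["client_blocked"] = True
    # 2. An attacker on the network path writes the batch packet directly, skipping the filter.
    forged = build_sql_batch(f"SELECT id, name, client FROM events WHERE name = '{attack}'")
    out["rows_via_forged_tds"] = server_execute(conn, forged)
    # 3. With a parameterized query the same string is just an unmatched name.
    out["rows_via_parameters"] = safe_lookup(conn, attack)
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The forged packet returns every row while the parameterized query returns none, which is the practical lesson of the advisory: the only validation that counts is the one the database enforces (parameterized statements or RPC with typed parameters), backed by a least-privilege database login for the client and by keeping the SQL Server port off networks an attacker can reach.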
