Submission #383229: Horizon Business Services Inc. Caterease Software 16.0.1.1663 through 24.0.1.2405 CWE-89: Improper Neutralization of Special Elements used in an S (Info)

Title: Horizon Business Services Inc. Caterease Software 16.0.1.1663 through 24.0.1.2405 CWE-89: Improper Neutralization of Special Elements used in an S
Description:

NOTE - This submit shall be embargoed until 14:00 CET on 2024-08-01 - NOTE

CVE-2024-38889: An issue in Horizon Business Services Inc. Caterease Software allows a remote attacker to perform SQL Injection due to improper neutralization of special elements used in an SQL command.

Vulnerability Type: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Vendor of the Product: Horizon Business Services Inc.
Affected Product: Caterease Software
Affected Versions: 16.0.1.1663 through 24.0.1.2405
Attack Vector: Remote
Attack Type: CAPEC-66: SQL Injection \ CAPEC-594: Traffic Injection

Vulnerability Summary: Caterease Software is vulnerable to SQL Injection due to improper neutralization of special elements in SQL commands. This vulnerability allows attackers to exploit the software by injecting malicious SQL queries through TCP packet injection techniques. Attackers can craft custom TDS payloads that bypass normal input validation and execute arbitrary SQL commands on the database. By exploiting this vulnerability, attackers can gain unauthorized access to the SQL database, manipulate or delete data, and disrupt database services. This can lead to significant security breaches, including the exposure of sensitive information, unauthorized data modification, and denial of service. The ability to execute arbitrary SQL commands compromises the confidentiality, integrity, and availability of the SQL database.

CVSS Base Score: Critical Risk - 9.6
CVSS v3.1 Vector: AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Exploitability Metrics
Attack Vector (AV): Adjacent Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Changed

Impact Metrics
Confidentiality (C): High
Integrity (I): High
Availability (A): High
User: jTag Labs (UID 51246)
Submitted: 2024-07-30 16:59 (2 years ago)
Moderated: 2024-08-01 14:15 (2 days later)
Status: Accepted
VulDB Entry: 273373 [Horizon Business Services Caterease up to 24.0.1.2405 TCP Packet SQL Injection]
Points: 17
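The submission's key point is that the crafted TDS payloads bypass the application's "normal input validation", i.e. checks that run in the client process are not a control once an attacker can write to the database connection directly. The following is an added illustration, not code from Caterease, the vendor or the submitter: a client-side validator in front of a concatenated query, the same query reached without the validator, and a parameterized version of the query given the same text. It uses the standard-library sqlite3 module in place of a SQL Server/TDS connection so it runs offline; the events table, its rows, the tenant column and the validator's rules are all constructed assumptions.

```python
"""
Added example (not Caterease code, not from the submission): why client-side
validation does not mitigate CWE-89, and why server-side parameterization does.
The database only ever sees the finished SQL text; anything that reaches the
wire without going through the client skips the validator entirely.
"""
import sqlite3

# Constructed sample data standing in for a catering events table (assumption).
SAMPLE_ROWS = [
    (1, "Smith wedding", "acme-catering"),
    (2, "Board retreat", "acme-catering"),
    (3, "Charity gala", "other-tenant"),
]

# Constructed payload of the textbook kind; the validator below would reject it.
INJECTED = "x' OR '1'='1"


def make_db() -> sqlite3.Connection:
    """In-memory database with the constructed schema and rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE events (id INTEGER, name TEXT, tenant TEXT)")
    conn.executemany("INSERT INTO events VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def client_side_validate(value: str) -> str:
    """The kind of check a desktop client might apply before building SQL.
    It runs in the client process only, so anything that constructs the
    wire-level query itself never passes through it."""
    if "'" in value or ";" in value or "--" in value:
        raise ValueError("rejected by client validation")
    return value


def build_vulnerable_sql(tenant: str) -> str:
    """String concatenation, the classic CWE-89 pattern: the server cannot
    tell where the tenant value ends and attacker-supplied SQL begins."""
    return "SELECT id, name FROM events WHERE tenant = '" + tenant + "'"


def run_vulnerable(conn: sqlite3.Connection, tenant: str) -> list:
    return conn.execute(build_vulnerable_sql(tenant)).fetchall()


def run_parameterized(conn: sqlite3.Connection, tenant: str) -> list:
    """Bound parameter: the value is carried separately from the SQL text,
    so the server compares the whole string literally against the column."""
    return conn.execute(
        "SELECT id, name FROM events WHERE tenant = ?", (tenant,)
    ).fetchall()


def demo() -> dict:
    conn = make_db()
    # 1. Honest input through the validating client: only that tenant's rows.
    honest = run_vulnerable(conn, client_side_validate("acme-catering"))
    # 2. The validator does reject the payload when the client is used as intended.
    try:
        client_side_validate(INJECTED)
        validator_blocked = False
    except ValueError:
        validator_blocked = True
    # 3. The same concatenated query reached without the client (the wire-level
    #    path the submission describes): every tenant's rows come back.
    bypassed = run_vulnerable(conn, INJECTED)
    # 4. Same payload against the parameterized query: no row has that literal
    #    tenant value, so the injection has no effect.
    parameterized = run_parameterized(conn, INJECTED)
    return {
        "honest_rows": len(honest),
        "validator_blocked": validator_blocked,
        "bypassed_rows": len(bypassed),
        "parameterized_rows": len(parameterized),
    }


if __name__ == "__main__":
    print(demo())
```

The remediation the example points at is server-side: parameterized queries or stored procedures for every statement the client issues, combined with a database account for the application that holds only the rights those statements need, so that a message reaching the server outside the client's normal flow cannot be promoted into arbitrary SQL.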
