CRITICAL🇵🇱 Wersja polska

CVE-2024-38886

CVSS 9.8v3.1pub. 2024-08-02upd. 2026-07-05

An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Traffic Injection attack due to improper verification of the source of a communication channel.

🤖 AI Analysis
How it works

An attacker remotely, without authentication and without user interaction, can inject malicious network traffic into the application's communication channel. The cause is the lack of proper verification of the communication source (CWE-940 – Improper Verification of Source of a Communication Channel), which allows for substitution or modification of transmitted data. The attack vector is network-based, and the low attack complexity makes it possible to execute it in an automated manner.

Impact

An attacker can gain full access to sensitive data, modify or delete data processed by the application, and cause system unavailability – which corresponds to the highest ratings for confidentiality, integrity, and availability (C:H/I:H/A:H) on the CVSS scale.

Mitigation & patch

Patches available from the vendor should be applied in accordance with the references. It is recommended to monitor updates on the vendor's website (caterease.com) and implement fixes immediately upon release. It is also recommended to restrict network access to the Caterease application exclusively to trusted IP addresses.

Who is affected

Horizoncloud Caterease versions from 16.0.1.1663 to 24.0.1.2405 and potentially in later versions.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Horizoncloud Caterease

    APP
    Horizoncloud
    16.0.1.1663 – 24.0.1.2405
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-38883CRITICAL9.1PL ✓ten sam produkt

Caterease: obniżenie poziomu szyfrowania przez wybór słabszego algorytmu

CVE-2024-38887CRITICAL9.8PL ✓ten sam produkt

Command Injection w Horizoncloud Caterease — zdalne przejęcie systemu OS

CVE-2024-38889CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Horizoncloud Caterease — zdalne wykonanie zapytań

CVE-2024-38882CRITICAL9.8PL ✓ten sam produkt

SQL Injection umożliwiający command injection w Horizoncloud Caterease

CVE-2024-38891HIGH7.5ten sam produkt

An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versio...