CVE Catalog

CVE-2024-38886

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
0.76%

51th percentile - higher than 51% of all known CVEs

Summary

A vulnerability in Horizon Business Services Inc. Caterease versions 16.0.1.1663 through 24.0.1.2405 and possibly later allows a remote attacker to perform a Traffic Injection attack due to improper verification of the source of a communication channel.

Risk Assessment

An attacker can inject malicious traffic into the system's communication, potentially leading to data integrity compromise, impersonation of legitimate sources, or unauthorized operations.

Recommendation

Immediately update Caterease to the latest available version that includes a fix for this vulnerability. Until the update is applied, restrict system access to trusted networks and IP addresses only.

Original NVD description (English source)

An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Traffic Injection attack due to improper verification of the source of a communication channel.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS