CVE Catalog

CVE-2024-38887

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
1.68%

74th percentile - higher than 74% of all known CVEs

Summary

A vulnerability in Horizon Business Services Inc. Caterease versions 16.0.1.1663 through 24.0.1.2405 and possibly later allows a remote attacker to expand control over the operating system from the database due to execution of commands with unnecessary privileges.

Risk Assessment

An attacker can gain full control over the operating system, compromising the confidentiality, integrity, and availability of data and the entire IT infrastructure of the organization.

Recommendation

Immediately update Caterease to the latest available version and restrict the privileges of accounts used for database communication to the minimum necessary.

Original NVD description (English source)

An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to expand control over the operating system from the database due to the execution of commands with unnecessary privileges.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS