CVE-2024-38890

An issue in Horizon Business Services Inc. Caterease Software 16.0.1.1663 through 24.0.1.2405 and possibly later versions allows a local attacker to perform an Authentication Bypass by Capture-replay attack due to insufficient protection against capture-replay attacks.
Configurations

No configuration.

History

07 Aug 2024, 16:15

Type Values Removed Values Added
References
  • () https://packetstormsecurity.com/files/179892/Caterease-Software-SQL-Injection-Command-Injection-Bypass.html -

05 Aug 2024, 12:41

Type Values Removed Values Added
Summary
  • (es) Un problema en Horizon Business Services Inc. Caterease Software 16.0.1.1663 a 24.0.1.2405 y posiblemente versiones posteriores permite a un atacante local realizar un ataque de omisión de autenticación mediante captura-reproducción debido a una protección insuficiente contra ataques de captura-reproducción.

03 Aug 2024, 19:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.4
CWE CWE-294

02 Aug 2024, 15:16

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-02 15:16

Updated : 2024-08-07 16:15


NVD link : CVE-2024-38890

Mitre link : CVE-2024-38890

CVE.ORG link : CVE-2024-38890


JSON object : View

Products Affected

No product.

CWE
CWE-294

Authentication Bypass by Capture-replay