NVD disclosure day

Published threat advisories for August 2, 2024

CVE advisoryCRITICAL

CVE-2024-38889

Caterease SQL Injection Vulnerability

Halo Surface Signal: 3 out of 5 — possibly public-facing.

A vulnerability exists in Caterease software that allows remote attackers to execute SQL injection attacks due to improper handling of special characters in SQL commands. This could lead to unauthorized access to or modification of data. It is important to determine if your organization uses this software and its poten

CVE advisoryCRITICAL

CVE-2024-38886

Caterease Traffic Injection Vulnerability

Halo Surface Signal: 3 out of 5 — possibly public-facing.

A critical vulnerability in Caterease software allows remote attackers to inject malicious traffic by exploiting improper source verification. This could lead to unauthorized access, modification, or disruption of sensitive business data. It is important to confirm if this software is in use and exposed to determine it

CVE advisoryCRITICAL

CVE-2024-38883

Caterease Drop Encryption Level Vulnerability

Halo Surface Signal: 3 out of 5 — possibly public-facing.

A vulnerability in Caterease software allows remote attackers to weaken data encryption by selecting less secure algorithms during negotiation. This could lead to unauthorized access and compromise of sensitive information. Confirmation of software usage and external exposure is needed to assess relevance.