How severe is CVE-2024-38890?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.4 out of 10.

What type of vulnerability is CVE-2024-38890?

This is classified as CWE-294, which is a common weakness in software security.

CVE-2024-38890

HIGH Year: 2024

CVSS v3 Score

8.4

High

Weakness Type

CWE-294

View all →

Vulnerability Description

An issue in Horizon Business Services Inc. Caterease Software 16.0.1.1663 through 24.0.1.2405 and possibly later versions allows a local attacker to perform an Authentication Bypass by Capture-replay attack due to insufficient protection against capture-replay attacks.

CVE-2020-10185

HIGH

CVSS:8.6(High)

The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP va...

CWE-2942020

CVE-2024-3982

HIGH

CVSS:8.2(High)

An attacker with local access to machine where MicroSCADA X SYS600 is installed, could enable the session logging supporting the product and try to exploit a session hijacking of an already establishe...

CWE-2942024

CVE-2017-5251

HIGH

CVSS:8.1(High)

In version 1012 and prior of Insteon's Insteon Hub, the radio transmissions used for communication between the hub and connected devices are not encrypted.

CWE-2942017

CVE-2018-15498

HIGH

CVSS:8.1(High)

YSoft SafeQ Server 6 allows a replay attack.

CWE-2942018

CVE-2018-17935

HIGH

CVSS:8.1(High)

All versions of Telecrane F25 Series Radio Controls before 00.0A use fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of a...

CWE-2942018

CVE-2019-12887

HIGH

CVSS:8.1(High)

KeyIdentity LinOTP before 2.10.5.3 has Incorrect Access Control (issue 1 of 2).

CWE-2942019

CVE-2024-38890

Vulnerability Description

Related Vulnerabilities

CVE-2020-10185

CVE-2024-3982

CVE-2017-5251

CVE-2018-15498

CVE-2018-17935

CVE-2019-12887