A vulnerability classified as critical has been found in Horizon Business Services Caterease up to 24.0.1.2405. Affected is the function xp_cmdshell of the component SQL Server. The manipulation leads to os command injection.

This vulnerability is traded as CVE-2024-38882. The attack can only be initiated within the local network. There is no exploit available.