7.5

CVE-2018-14607

Exploit

EPSS 0.38%
Veröffentlicht 26.07.2018 22:29:00
Zuletzt bearbeitet 21.11.2024 03:49:24
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Thomson Reuters UltraTax CS 2017 on Windows, in a client/server configuration, transfers customer records and bank account numbers in cleartext over SMBv2, which allows attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors. The customer record transferred in cleartext contains: Client ID, Full Name, Spouse's Full Name, Social Security Number, Spouse's Social Security Number, Occupation, Spouse's Occupation, Daytime Phone, Home Phone, Tax Preparer, Federal and State Taxes to File, Bank Name, Bank Account Number, and possibly other sensitive information.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Thomsonreuters ≫ Ultratax Cs 2017 Version- SwPlatformwindows

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.38%	0.587

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-311 Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

https://corporateblue.com/ultratax-cs-data-exposure-vulnerability/

Third Party Advisory

Exploit

URL Repurposed

https://www.themikewylie.com/ultratax-cs-data-exposure-vulnerability-cve-2018-14608-cve-2018-14607/

https://nvd.nist.gov/vuln/detail/CVE-2018-14607

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-14607

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-14607

EUVD