CVE-2018-3854

Exploit

EPSS 0.06%
Veröffentlicht 03.12.2018 22:29:00
Zuletzt bearbeitet 21.11.2024 04:06:10
Quelle talos-cna@cisco.com
Teams Watchlist Login
Unerledigt Login

An exploitable information disclosure vulnerability exists in the password protection functionality of Quicken Deluxe 2018 for Mac version 5.2.2. A specially crafted sqlite3 request can cause the removal of the password protection, allowing an attacker to access and modify the data without knowing the password. An attacker needs to have access to the password-protected files to trigger this vulnerability.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Intuit ≫ Quicken 2018 Version5.2.2 SwEditiondeluxe SwPlatformmacos

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.177

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.1	1.8	5.2	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov	3.6	3.9	4.9	AV:L/AC:L/Au:N/C:P/I:P/A:N
talos-cna@cisco.com	7.1	1.8	5.2	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0537

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2018-3854

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-3854

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-3854

EUVD