CVE-2018-3854

Exploit

EPSS 0.06%
Published 03.12.2018 22:29:00
Last modified 21.11.2024 04:06:10
Source talos-cna@cisco.com
Teams watchlist Login
Open Login

An exploitable information disclosure vulnerability exists in the password protection functionality of Quicken Deluxe 2018 for Mac version 5.2.2. A specially crafted sqlite3 request can cause the removal of the password protection, allowing an attacker to access and modify the data without knowing the password. An attacker needs to have access to the password-protected files to trigger this vulnerability.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Intuit ≫ Quicken 2018 Version5.2.2 SwEditiondeluxe SwPlatformmacos

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.06%	0.177

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.1	1.8	5.2	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov	3.6	3.9	4.9	AV:L/AC:L/Au:N/C:P/I:P/A:N
talos-cna@cisco.com	7.1	1.8	5.2	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0537

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2018-3854

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-3854

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-3854

EUVD