9 matches found
Thompson Reuters UltraTax CS 2017 for Windows Information Disclosure Vulnerability (CNVD-2019-19056)
Thompson Reuters UltraTax CS 2017 for Windows is a Windows-based automated tax management software from Thompson Reuters, USA. The software is primarily used to automate the management of business or personal tax workflows. An information disclosure vulnerability exists in Thompson Reuters UltraT...
CVE-2018-14608
Thomson Reuters UltraTax CS 2017 on Windows has a password protection option; however, the level of protection might be inconsistent with some customers' expectations because the data is directly accessible in cleartext. Specifically, it stores customer data in unique directories...
CVE-2018-14607
Thomson Reuters UltraTax CS 2017 on Windows, in a client/server configuration, transfers customer records and bank account numbers in cleartext over SMBv2, which allows attackers to 1 obtain sensitive information by sniffing the network or 2 conduct man-in-the-middle MITM attacks via unspecified...
Code injection
Thomson Reuters UltraTax CS 2017 on Windows, in a client/server configuration, transfers customer records and bank account numbers in cleartext over SMBv2, which allows attackers to 1 obtain sensitive information by sniffing the network or 2 conduct man-in-the-middle MITM attacks via unspecified...
Design/Logic Flaw
Thomson Reuters UltraTax CS 2017 on Windows has a password protection option; however, the level of protection might be inconsistent with some customers' expectations because the data is directly accessible in cleartext. Specifically, it stores customer data in unique directories...
CVE-2018-14608
Thomson Reuters UltraTax CS 2017 for Windows is affected by CVE-2018-14608. The vulnerability stems from storing customer data in plaintext in unique directories under %install_path%\WinCSI\UT17DATA\client_ID\file_name.XX17, which can be bypassed without authentication by inspecting the strings i...
CVE-2018-14608
Thomson Reuters UltraTax CS 2017 on Windows has a password protection option; however, the level of protection might be inconsistent with some customers' expectations because the data is directly accessible in cleartext. Specifically, it stores customer data in unique directories...
CVE-2018-14607
Thomson Reuters UltraTax CS 2017 on Windows, in a client/server configuration, transfers customer records and bank account numbers in cleartext over SMBv2, which allows attackers to 1 obtain sensitive information by sniffing the network or 2 conduct man-in-the-middle MITM attacks via unspecified...
CVE-2018-14607
CVE-2018-14607/14608 apply to Thomson Reuters UltraTax CS 2017 for Windows in a client/server setup. The issue is that customer records and bank account numbers are transferred in cleartext over SMBv2, enabling network sniffing and potential MITM attacks; the disclosed data includes full names, S...