Lucene search
K

9 matches found

CNVD
CNVD
added 2018/07/31 12:0 a.m.2 views

Thompson Reuters UltraTax CS 2017 for Windows Information Disclosure Vulnerability (CNVD-2019-19056)

Thompson Reuters UltraTax CS 2017 for Windows is a Windows-based automated tax management software from Thompson Reuters, USA. The software is primarily used to automate the management of business or personal tax workflows. An information disclosure vulnerability exists in Thompson Reuters UltraT...

7.5CVSS7AI score0.00866EPSS
Exploits2References1
NVD
NVD
added 2018/07/26 10:29 p.m.18 views

CVE-2018-14608

Thomson Reuters UltraTax CS 2017 on Windows has a password protection option; however, the level of protection might be inconsistent with some customers' expectations because the data is directly accessible in cleartext. Specifically, it stores customer data in unique directories...

7.5CVSS7.7AI score0.00876EPSS
Exploits2References2
NVD
NVD
added 2018/07/26 10:29 p.m.17 views

CVE-2018-14607

Thomson Reuters UltraTax CS 2017 on Windows, in a client/server configuration, transfers customer records and bank account numbers in cleartext over SMBv2, which allows attackers to 1 obtain sensitive information by sniffing the network or 2 conduct man-in-the-middle MITM attacks via unspecified...

7.5CVSS7.3AI score0.00876EPSS
Exploits2References2
Prion
Prion
added 2018/07/26 10:29 p.m.17 views

Code injection

Thomson Reuters UltraTax CS 2017 on Windows, in a client/server configuration, transfers customer records and bank account numbers in cleartext over SMBv2, which allows attackers to 1 obtain sensitive information by sniffing the network or 2 conduct man-in-the-middle MITM attacks via unspecified...

5CVSS7.3AI score0.00876EPSS
Exploits2References2
Prion
Prion
added 2018/07/26 10:29 p.m.19 views

Design/Logic Flaw

Thomson Reuters UltraTax CS 2017 on Windows has a password protection option; however, the level of protection might be inconsistent with some customers' expectations because the data is directly accessible in cleartext. Specifically, it stores customer data in unique directories...

5CVSS7.7AI score0.00876EPSS
Exploits2References2Affected Software1
CVE
CVE
added 2018/07/26 10:0 p.m.49 views

CVE-2018-14608

Thomson Reuters UltraTax CS 2017 for Windows is affected by CVE-2018-14608. The vulnerability stems from storing customer data in plaintext in unique directories under %install_path%\WinCSI\UT17DATA\client_ID\file_name.XX17, which can be bypassed without authentication by inspecting the strings i...

7.5CVSS7.7AI score0.00876EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2018/07/26 10:0 p.m.26 views

CVE-2018-14608

Thomson Reuters UltraTax CS 2017 on Windows has a password protection option; however, the level of protection might be inconsistent with some customers' expectations because the data is directly accessible in cleartext. Specifically, it stores customer data in unique directories...

7.7AI score0.00876EPSS
Exploits2References2
Cvelist
Cvelist
added 2018/07/26 10:0 p.m.23 views

CVE-2018-14607

Thomson Reuters UltraTax CS 2017 on Windows, in a client/server configuration, transfers customer records and bank account numbers in cleartext over SMBv2, which allows attackers to 1 obtain sensitive information by sniffing the network or 2 conduct man-in-the-middle MITM attacks via unspecified...

7.3AI score0.00876EPSS
Exploits2References2
CVE
CVE
added 2018/07/26 10:0 p.m.48 views

CVE-2018-14607

CVE-2018-14607/14608 apply to Thomson Reuters UltraTax CS 2017 for Windows in a client/server setup. The issue is that customer records and bank account numbers are transferred in cleartext over SMBv2, enabling network sniffing and potential MITM attacks; the disclosed data includes full names, S...

7.5CVSS7.2AI score0.00876EPSS
Exploits2References2Affected Software1
Rows per page
Query Builder