CVE-2018-14608

{"id": "CVE-2018-14608", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2018-07-26T22:29:00.273", "references": [{"url": "https://corporateblue.com/ultratax-cs-data-exposure-vulnerability/", "tags": ["Exploit", "Third Party Advisory", "URL Repurposed"], "source": "cve@mitre.org"}, {"url": "https://www.themikewylie.com/ultratax-cs-data-exposure-vulnerability-cve-2018-14608-cve-2018-14607/", "source": "cve@mitre.org"}, {"url": "https://corporateblue.com/ultratax-cs-data-exposure-vulnerability/", "tags": ["Exploit", "Third Party Advisory", "URL Repurposed"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.themikewylie.com/ultratax-cs-data-exposure-vulnerability-cve-2018-14608-cve-2018-14607/", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-311"}]}], "descriptions": [{"lang": "en", "value": "Thomson Reuters UltraTax CS 2017 on Windows has a password protection option; however, the level of protection might be inconsistent with some customers' expectations because the data is directly accessible in cleartext. Specifically, it stores customer data in unique directories (%install_path%\\WinCSI\\UT17DATA\\client_ID\\file_name.XX17) that can be bypassed without authentication by examining the strings of the .XX17 file. The strings stored in the .XX17 file contain each customer's: Full Name, Spouse's Name, Social Security Number, Date of Birth, Occupation, Home Address, Daytime Phone Number, Home Phone Number, Spouse's Address, Spouse's Daytime Phone Number, Spouse's Social Security Number, Spouse's Home Phone Number, Spouse's Occupation, Spouse's Date of Birth, and Spouse's Filing Status."}, {"lang": "es", "value": "Thompson Reuters UltraTax CS 2017 en Windows tiene una opci\u00f3n de protecci\u00f3n con contrase\u00f1a; sin embargo, el nivel de protecci\u00f3n puede ser inconsistente con las expectativas de algunos clientes porque los datos son directamente accesibles en texto claro. De manera espec\u00edfica, almacena los datos de los clientes en directorios \u00fanicos (%install_path%\\WinCSI\\UT17DATA\\client_ID\\file_name.XX17) que pueden omitirse sin autenticaci\u00f3n examinando las cadenas del archivo .XX17. Las cadenas almacenadas en el archivo .XX17 contienen la siguiente informaci\u00f3n de cada cliente: Nombre completo, nombre del c\u00f3nyuge, n\u00famero de seguro social, fecha de nacimiento, ocupaci\u00f3n, domicilio, n\u00famero de tel\u00e9fono diurno, n\u00famero de tel\u00e9fono particular, direcci\u00f3n del c\u00f3nyuge, n\u00famero de tel\u00e9fono diurno del c\u00f3nyuge, n\u00famero de seguro social del c\u00f3nyuge, n\u00famero de tel\u00e9fono particular del c\u00f3nyuge, ocupaci\u00f3n del c\u00f3nyuge, fecha de nacimiento del c\u00f3nyuge y estado civil del c\u00f3nyuge."}], "lastModified": "2024-11-21T03:49:24.390", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:thomsonreuters:ultratax_cs:2017:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2BE020BF-6F11-4D7C-B8DA-8A26639A4E8B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}