Search criteria
3 vulnerabilities found for ultratax_cs_2017 by thomsonreuters
FKIE_CVE-2018-14607
Vulnerability from fkie_nvd - Published: 2018-07-26 22:29 - Updated: 2024-11-21 03:49
Severity ?
Summary
Thomson Reuters UltraTax CS 2017 on Windows, in a client/server configuration, transfers customer records and bank account numbers in cleartext over SMBv2, which allows attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors. The customer record transferred in cleartext contains: Client ID, Full Name, Spouse's Full Name, Social Security Number, Spouse's Social Security Number, Occupation, Spouse's Occupation, Daytime Phone, Home Phone, Tax Preparer, Federal and State Taxes to File, Bank Name, Bank Account Number, and possibly other sensitive information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| thomsonreuters | ultratax_cs_2017 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:thomsonreuters:ultratax_cs_2017:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "FA690610-1662-4961-95E2-BD931A616B10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Thomson Reuters UltraTax CS 2017 on Windows, in a client/server configuration, transfers customer records and bank account numbers in cleartext over SMBv2, which allows attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors. The customer record transferred in cleartext contains: Client ID, Full Name, Spouse\u0027s Full Name, Social Security Number, Spouse\u0027s Social Security Number, Occupation, Spouse\u0027s Occupation, Daytime Phone, Home Phone, Tax Preparer, Federal and State Taxes to File, Bank Name, Bank Account Number, and possibly other sensitive information."
},
{
"lang": "es",
"value": "Thompson Reuters UltraTax CS 2017 en Windows, en una configuraci\u00f3n cliente/servidor, transfiere registros de clientes y n\u00fameros de cuentas bancarias en texto claro a trav\u00e9s de SMBv2, lo que permite a los atacantes (1) obtener informaci\u00f3n confidencial rastreando la red o (2) realizar ataques Man-in-the-Middle (MitM) a trav\u00e9s de vectores no especificados. El registro de cliente transferido en texto claro contiene: ID del cliente, nombre completo, nombre completo del c\u00f3nyuge, n\u00famero de seguro social, n\u00famero de seguro social del c\u00f3nyuge, ocupaci\u00f3n, ocupaci\u00f3n del c\u00f3nyuge, tel\u00e9fono diurno, tel\u00e9fono particular, preparador de impuestos, impuestos federales y estatales a presentar, nombre del banco, n\u00famero de cuenta bancaria y posiblemente otra informaci\u00f3n confidencial."
}
],
"id": "CVE-2018-14607",
"lastModified": "2024-11-21T03:49:24.250",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-26T22:29:00.210",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"URL Repurposed"
],
"url": "https://corporateblue.com/ultratax-cs-data-exposure-vulnerability/"
},
{
"source": "cve@mitre.org",
"url": "https://www.themikewylie.com/ultratax-cs-data-exposure-vulnerability-cve-2018-14608-cve-2018-14607/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"URL Repurposed"
],
"url": "https://corporateblue.com/ultratax-cs-data-exposure-vulnerability/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.themikewylie.com/ultratax-cs-data-exposure-vulnerability-cve-2018-14608-cve-2018-14607/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-311"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2018-14607 (GCVE-0-2018-14607)
Vulnerability from cvelistv5 – Published: 2018-07-26 22:00 – Updated: 2024-08-05 09:29
VLAI?
Summary
Thomson Reuters UltraTax CS 2017 on Windows, in a client/server configuration, transfers customer records and bank account numbers in cleartext over SMBv2, which allows attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors. The customer record transferred in cleartext contains: Client ID, Full Name, Spouse's Full Name, Social Security Number, Spouse's Social Security Number, Occupation, Spouse's Occupation, Daytime Phone, Home Phone, Tax Preparer, Federal and State Taxes to File, Bank Name, Bank Account Number, and possibly other sensitive information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:29:51.725Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://corporateblue.com/ultratax-cs-data-exposure-vulnerability/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.themikewylie.com/ultratax-cs-data-exposure-vulnerability-cve-2018-14608-cve-2018-14607/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-07-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Thomson Reuters UltraTax CS 2017 on Windows, in a client/server configuration, transfers customer records and bank account numbers in cleartext over SMBv2, which allows attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors. The customer record transferred in cleartext contains: Client ID, Full Name, Spouse\u0027s Full Name, Social Security Number, Spouse\u0027s Social Security Number, Occupation, Spouse\u0027s Occupation, Daytime Phone, Home Phone, Tax Preparer, Federal and State Taxes to File, Bank Name, Bank Account Number, and possibly other sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-30T13:15:29",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://corporateblue.com/ultratax-cs-data-exposure-vulnerability/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.themikewylie.com/ultratax-cs-data-exposure-vulnerability-cve-2018-14608-cve-2018-14607/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14607",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Thomson Reuters UltraTax CS 2017 on Windows, in a client/server configuration, transfers customer records and bank account numbers in cleartext over SMBv2, which allows attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors. The customer record transferred in cleartext contains: Client ID, Full Name, Spouse\u0027s Full Name, Social Security Number, Spouse\u0027s Social Security Number, Occupation, Spouse\u0027s Occupation, Daytime Phone, Home Phone, Tax Preparer, Federal and State Taxes to File, Bank Name, Bank Account Number, and possibly other sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://corporateblue.com/ultratax-cs-data-exposure-vulnerability/",
"refsource": "MISC",
"url": "https://corporateblue.com/ultratax-cs-data-exposure-vulnerability/"
},
{
"name": "https://www.themikewylie.com/ultratax-cs-data-exposure-vulnerability-cve-2018-14608-cve-2018-14607/",
"refsource": "MISC",
"url": "https://www.themikewylie.com/ultratax-cs-data-exposure-vulnerability-cve-2018-14608-cve-2018-14607/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-14607",
"datePublished": "2018-07-26T22:00:00",
"dateReserved": "2018-07-26T00:00:00",
"dateUpdated": "2024-08-05T09:29:51.725Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14607 (GCVE-0-2018-14607)
Vulnerability from nvd – Published: 2018-07-26 22:00 – Updated: 2024-08-05 09:29
VLAI?
Summary
Thomson Reuters UltraTax CS 2017 on Windows, in a client/server configuration, transfers customer records and bank account numbers in cleartext over SMBv2, which allows attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors. The customer record transferred in cleartext contains: Client ID, Full Name, Spouse's Full Name, Social Security Number, Spouse's Social Security Number, Occupation, Spouse's Occupation, Daytime Phone, Home Phone, Tax Preparer, Federal and State Taxes to File, Bank Name, Bank Account Number, and possibly other sensitive information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:29:51.725Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://corporateblue.com/ultratax-cs-data-exposure-vulnerability/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.themikewylie.com/ultratax-cs-data-exposure-vulnerability-cve-2018-14608-cve-2018-14607/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-07-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Thomson Reuters UltraTax CS 2017 on Windows, in a client/server configuration, transfers customer records and bank account numbers in cleartext over SMBv2, which allows attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors. The customer record transferred in cleartext contains: Client ID, Full Name, Spouse\u0027s Full Name, Social Security Number, Spouse\u0027s Social Security Number, Occupation, Spouse\u0027s Occupation, Daytime Phone, Home Phone, Tax Preparer, Federal and State Taxes to File, Bank Name, Bank Account Number, and possibly other sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-30T13:15:29",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://corporateblue.com/ultratax-cs-data-exposure-vulnerability/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.themikewylie.com/ultratax-cs-data-exposure-vulnerability-cve-2018-14608-cve-2018-14607/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14607",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Thomson Reuters UltraTax CS 2017 on Windows, in a client/server configuration, transfers customer records and bank account numbers in cleartext over SMBv2, which allows attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors. The customer record transferred in cleartext contains: Client ID, Full Name, Spouse\u0027s Full Name, Social Security Number, Spouse\u0027s Social Security Number, Occupation, Spouse\u0027s Occupation, Daytime Phone, Home Phone, Tax Preparer, Federal and State Taxes to File, Bank Name, Bank Account Number, and possibly other sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://corporateblue.com/ultratax-cs-data-exposure-vulnerability/",
"refsource": "MISC",
"url": "https://corporateblue.com/ultratax-cs-data-exposure-vulnerability/"
},
{
"name": "https://www.themikewylie.com/ultratax-cs-data-exposure-vulnerability-cve-2018-14608-cve-2018-14607/",
"refsource": "MISC",
"url": "https://www.themikewylie.com/ultratax-cs-data-exposure-vulnerability-cve-2018-14608-cve-2018-14607/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-14607",
"datePublished": "2018-07-26T22:00:00",
"dateReserved": "2018-07-26T00:00:00",
"dateUpdated": "2024-08-05T09:29:51.725Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}