| Title | Thomson Reuters UltraTax CS 2017 における情報漏えいに関する脆弱性 |
|---|---|
| Summary | Thomson Reuters UltraTax CS 2017 には、情報漏えいに関する脆弱性が存在します。 |
| Possible impacts | 情報を取得される可能性があります。 |
| Solution | ベンダ情報および参考情報を参照して適切な対策を実施してください。 |
| Publication Date | July 26, 2018, midnight |
| Registration Date | Oct. 31, 2018, 10:33 a.m. |
| Last Update | Oct. 31, 2018, 10:33 a.m. |
| CVSS3.0 : 重要 | |
| Score | 7.5 |
|---|---|
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| CVSS2.0 : 警告 | |
| Score | 5 |
|---|---|
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| Thomson Reuters |
| UltraTax CS 2017 |
| No | Changed Details | Date of change |
|---|---|---|
| 1 | [2018年10月31日] 掲載 |
Oct. 31, 2018, 10:33 a.m. |
| Summary | Thomson Reuters UltraTax CS 2017 on Windows, in a client/server configuration, transfers customer records and bank account numbers in cleartext over SMBv2, which allows attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors. The customer record transferred in cleartext contains: Client ID, Full Name, Spouse's Full Name, Social Security Number, Spouse's Social Security Number, Occupation, Spouse's Occupation, Daytime Phone, Home Phone, Tax Preparer, Federal and State Taxes to File, Bank Name, Bank Account Number, and possibly other sensitive information. |
|---|---|
| Publication Date | July 27, 2018, 7:29 a.m. |
| Registration Date | March 1, 2021, 6:57 p.m. |
| Last Update | Nov. 21, 2024, 12:49 p.m. |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:a:thomsonreuters:ultratax_cs_2017:-:*:*:*:*:windows:*:* | |||||