What is the severity of CVE-2018-11338?

CVE-2018-11338 is classified as a high severity vulnerability due to the potential exposure of sensitive customer information.

How do I fix CVE-2018-11338?

To fix CVE-2018-11338, ensure that sensitive data transmission is encrypted and update to a version of Intuit Lacerte that addresses this vulnerability.

Which versions of Intuit Lacerte are affected by CVE-2018-11338?

CVE-2018-11338 affects Intuit Lacerte 2017 in a Windows client/server environment.

What type of attacks can be executed due to CVE-2018-11338?

CVE-2018-11338 allows attackers to conduct man-in-the-middle attacks and gather sensitive information through network sniffing.

What data is exposed due to CVE-2018-11338?

CVE-2018-11338 exposes the entire customer list in cleartext, making sensitive information vulnerable to interception.

Vulnerability/
CVE-2018-11338

high

7.5

CWE

319

31/7/2018

14/2/2024

CVE-2018-11338

First published: Tue Jul 31 2018(Updated: )

Intuit Lacerte 2017 for Windows in a client/server environment transfers the entire customer list in cleartext over SMB, which allows attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors. The customer list contains each customer's full name, social security number (SSN), address, job title, phone number, Email address, spouse's phone/Email address, and other sensitive information. After the client software authenticates to the server database, the server sends the customer list. There is no need for further exploitation as all sensitive data is exposed. This vulnerability was validated on Intuit Lacerte 2017, however older versions of Lacerte may be vulnerable.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Intuit Lacerte	<=2017
	<=2017

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2018-11338?
CVE-2018-11338 is classified as a high severity vulnerability due to the potential exposure of sensitive customer information.
How do I fix CVE-2018-11338?
To fix CVE-2018-11338, ensure that sensitive data transmission is encrypted and update to a version of Intuit Lacerte that addresses this vulnerability.
Which versions of Intuit Lacerte are affected by CVE-2018-11338?
CVE-2018-11338 affects Intuit Lacerte 2017 in a Windows client/server environment.
What type of attacks can be executed due to CVE-2018-11338?
CVE-2018-11338 allows attackers to conduct man-in-the-middle attacks and gather sensitive information through network sniffing.
What data is exposed due to CVE-2018-11338?
CVE-2018-11338 exposes the entire customer list in cleartext, making sensitive information vulnerable to interception.

collector/nvd-index
agent/references
agent/type
agent/first-publish-date
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/last-modified-date
agent/weakness
agent/severity
agent/author
agent/softwarecombine
agent/description
agent/tags
agent/event
agent/source
vendor/intuit
canonical/intuit lacerte
version/intuit lacerte/2017

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.