CVE-2018-3854: Infoleak
First published: Mon Dec 03 2018(Updated: )
An exploitable information disclosure vulnerability exists in the password protection functionality of Quicken Deluxe 2018 for Mac version 5.2.2. A specially crafted sqlite3 request can cause the removal of the password protection, allowing an attacker to access and modify the data without knowing the password. An attacker needs to have access to the password-protected files to trigger this vulnerability.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Quicken | =5.2.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2018-3854?
CVE-2018-3854 is classified as a medium severity vulnerability due to its potential for information disclosure.
How do I fix CVE-2018-3854?
To fix CVE-2018-3854, you should update Quicken Deluxe 2018 to the latest available version that addresses this security issue.
What software is affected by CVE-2018-3854?
CVE-2018-3854 specifically affects Quicken Deluxe 2018 for Mac version 5.2.2.
What type of vulnerability is CVE-2018-3854?
CVE-2018-3854 is an information disclosure vulnerability that allows unauthorized access to data.
Can CVE-2018-3854 be exploited remotely?
CVE-2018-3854 requires local access to exploit, as it involves a specially crafted sqlite3 request.
- agent/weakness
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/references
- agent/description
- agent/first-publish-date
- agent/author
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/intuit
- canonical/quicken
- version/quicken/5.2.2