PT-2018-12613 · Thomson Reuters · Thomson Reuters Ultratax Cs

User · Published 2018-07-26 · Updated 2024-02-14 · CVE-2018-14607

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Thomson Reuters UltraTax CS version 2017

Description: The software transfers customer records and bank account numbers in cleartext over SMBv2, allowing attackers to obtain sensitive information by sniffing the network or to conduct man-in-the-middle (MITM) attacks. The customer record transferred in cleartext contains sensitive information such as Client ID, Full Name, Social Security Number, Bank Name, Bank Account Number, and other personal details.

Recommendations: For Thomson Reuters UltraTax CS version 2017, consider implementing encryption for data transferred over the network to prevent eavesdropping and MITM attacks. As a temporary workaround, restrict access to the network to minimize the risk of exploitation. Avoid using SMBv2 for sensitive data transfer until a secure alternative is implemented.

Weakness Enumeration: Missing Encryption of Sensitive Data

Related Identifiers: CVE-2018-14607

Affected Products: Thomson Reuters Ultratax Cs