CVE-2018-3854
HIGHQuicken Deluxe 2018 for Mac 5.2.2 - Unauthenticated Exposure of Sensitive Information via SQLite Request
Title source: llmDescription
An exploitable information disclosure vulnerability exists in the password protection functionality of Quicken Deluxe 2018 for Mac version 5.2.2. A specially crafted sqlite3 request can cause the removal of the password protection, allowing an attacker to access and modify the data without knowing the password. An attacker needs to have access to the password-protected files to trigger this vulnerability.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0537
Scores
CVSS v3
7.1
EPSS
0.0043
EPSS Percentile
34.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-200
Status
published
Products (1)
intuit/quicken_2018
5.2.2
Published
Dec 03, 2018
Tracked Since
Feb 18, 2026