← back
CVE-2014-4311

CVE-2014-4311

EPSS 5.8%
Epicor Enterprise 7.4 before FS74SP6_HotfixTL054181 allows attackers to obtain the (1) Database Connection and (2) E-mail Connection passwords by reading HTML source code of the database connection and email settings page.
Affected products
n/a · n/a
public PoCs found3
cve_referencepacketstormsecurity.com/files/128511/Epicor-Password-Disclosure-Cross-Site-Scripting.htmlunverifiedcve_referencewww.exploit-db.com/exploits/34864unverifiedexploitdbwww.exploit-db.com/exploits/34864unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/128511/Epicor-Password-Disclosure-Cross-Site-Scripting.htmlhttp://seclists.org/fulldisclosure/2014/Oct/2http://www.exploit-db.com/exploits/34864