CVE-2014-4311
NONE
Published Nov 4, 201411y ago · Modified Jun 17, 20262w ago
Published Nov 4, 2014 11y ago
Last Modified Jun 17, 2026 2w ago
Description
Epicor Enterprise 7.4 before FS74SP6_HotfixTL054181 allows attackers to obtain the (1) Database Connection and (2) E-mail Connection passwords by reading HTML source code of the database connection and email settings page.
Threat Intelligence
No active exploitation signals — not in CISA KEV and no EPSS score yet.
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor Information Exposure
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| epicor | epicor_enterprise | * | ≤7.4 |
References 3
- packetstormsecurity.com http://packetstormsecurity.com/files/128511/Epicor-Password-Disclosure-Cross-Site-Scripting.html
- seclists.org http://seclists.org/fulldisclosure/2014/Oct/2
- exploit-db.com http://www.exploit-db.com/exploits/34864
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.