CVE-2014-4311

NONE
Published Nov 4, 201411y ago · Modified Jun 17, 20262w ago
Find Similar
Published Nov 4, 2014 11y ago
Last Modified Jun 17, 2026 2w ago

Description

Epicor Enterprise 7.4 before FS74SP6_HotfixTL054181 allows attackers to obtain the (1) Database Connection and (2) E-mail Connection passwords by reading HTML source code of the database connection and email settings page.

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor Information Exposure

Affected Products 1

VendorProductVersionRange
epicorepicor_enterprise* ≤7.4

References 3

  • packetstormsecurity.com http://packetstormsecurity.com/files/128511/Epicor-Password-Disclosure-Cross-Site-Scripting.html
    Exploit
  • seclists.org http://seclists.org/fulldisclosure/2014/Oct/2
    Exploit
  • exploit-db.com http://www.exploit-db.com/exploits/34864
    Exploit

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.