Vulnerability Description
Epicor Enterprise 7.4 before FS74SP6_HotfixTL054181 allows attackers to obtain the (1) Database Connection and (2) E-mail Connection passwords by reading HTML source code of the database connection and email settings page.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Epicor | Epicor Enterprise | <= 7.4 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/128511/Epicor-Password-Disclosure-Cross-Sit (Exploit)
- http://seclists.org/fulldisclosure/2014/Oct/2 (Exploit)
- http://www.exploit-db.com/exploits/34864 (Exploit)
FAQ
What is CVE-2014-4311?
CVE-2014-4311 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Epicor Enterprise 7.4 before FS74SP6_HotfixTL054181 allows attackers to obtain the (1) Database Connection and (2) E-mail Connection passwords by reading HTML source code of the database connection an...
How severe is CVE-2014-4311?
CVE-2014-4311 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2014-4311?
Check the references section above for vendor advisories and patch information. Affected products include: Epicor Epicor Enterprise.