Description
Epicor Enterprise 7.4 before FS74SP6_HotfixTL054181 allows attackers to obtain the (1) Database Connection and (2) E-mail Connection passwords by reading HTML source code of the database connection and email settings page.
Exploits (1)
References (3)
Core 3
Core References
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/34864
Exploit mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Oct/2
Exploit x_refsource_misc
http://packetstormsecurity.com/files/128511/Epicor-Password-Disclosure-Cross-Site-Scripting.html
Scores
EPSS
0.0873
EPSS Percentile
92.5%
Details
CWE
CWE-200
Status
published
Products (1)
epicor/epicor_enterprise
< 7.4
Published
Nov 04, 2014
Tracked Since
Feb 18, 2026