72 lines
No EOL
3.1 KiB
Text
72 lines
No EOL
3.1 KiB
Text
"Epicor Enterprise vulnerabilities"
|
|
|
|
- Affected vendor: Epicor Software Corporation
|
|
- Affected system: Epicor Enterprise - Version 7.4
|
|
- Vendor disclosure date: May 13th, 2014
|
|
- Public disclosure date: September 30th, 2014
|
|
- Status: Fixed
|
|
|
|
- Associated CVEs:
|
|
|
|
1) CVE-2014-4311
|
|
Password values not masked appropriately:
|
|
Even though the application appears to be masking the affected password values
|
|
in the database connection and email settings page, it is possible to access
|
|
their content by observing the HTML code.
|
|
|
|
Affected password values:
|
|
- “Database Connection”
|
|
- “E-mail Connection”
|
|
|
|
Associated CAPEC:
|
|
CAPEC-167: Lifting Sensitive Data from the Client -
|
|
https://capec.mitre.org/data/definitions/167.html
|
|
|
|
Associated CWE:
|
|
CWE-200: Information Exposure - http://cwe.mitre.org/data/definitions/200.html
|
|
|
|
2) CVE-2014-4312
|
|
Persistent and reflective cross-site scripting (XSS) attacks possible:
|
|
The identified website is vulnerable to persistent and reflective cross-site
|
|
scripting. Script injection is a weakness within an application, and is due to
|
|
insufficient validation of the input data (i.e. input data being sent from the
|
|
user/presentation layer) and output encoding allowing dynamic execution of
|
|
scripts on the application front end resulting in anomalous/abnormal behaviour
|
|
of the application.
|
|
|
|
Example of affected functionalities for persistent XSS:
|
|
- 1. While viewing Order details, and injecting a malicious payload on the
|
|
"Notes" section.
|
|
- 2. While modifying an “Order to consume” and injecting a malicious payload
|
|
on the "Description" section.
|
|
- 3. While observing the “Favorites” section and and injecting a malicious
|
|
payload on the “Favorites name” section.
|
|
Example of an injected payload: <script>alert("XSS")</script>
|
|
|
|
Example of affected URLs for reflective XSS:
|
|
- 1.
|
|
https://XXXXX/Procurement/EKPHTML/search_item_bt.asp?RecordsRequested=Yes&FiltPartNo=&FiltSupplier=-1&FiltKeyword=<script>alert("XSS")</script>
|
|
- 2.
|
|
https://XXXXX/Procurement/EKPHTML/EnterpriseManager/Budget/ImportBudget_fr.asp?Act=dtt"><script>alert("XSS")</script>
|
|
- 3. https://XXXXX
|
|
/Procurement/EKPHTML/EnterpriseManager/UserSearchDlg.asp?hdnPageName=UserSearch&hdnOpenerFormName=PrefApp&hdnApproverFieldName=temp1&hdnApproverIDFieldName=temp2&hdnUserID=200&hdnOpener=Test"><script>alert("XSS")</script>
|
|
- 4.
|
|
https://XXXXX/Procurement/EKPHTML/EnterpriseManager/UserSearchDlg.asp?hdnOpenerFormName=PrefApp&hdnApproverFieldName="><script>alert("XSS")</script>
|
|
- 5.
|
|
https://XXXXX/Procurement/EKPHTML/EnterpriseManager/Codes.asp?INTEGRATED=XSS">--><script>alert("XSS")</script>
|
|
|
|
Associated CAPEC:
|
|
CAPEC-32: Embedding Scripts in HTTP Query Strings -
|
|
https://capec.mitre.org/data/definitions/32.html
|
|
|
|
Associated CWE:
|
|
CWE-79: Improper Neutralization of Input During Web Page Generation
|
|
('Cross-site Scripting') - http://cwe.mitre.org/data/definitions/79.html
|
|
|
|
- Available fix:
|
|
Epicor Enterprise Hotfix: FS74SP6_HotfixTL054181
|
|
|
|
- Credit:
|
|
These vulnerabilities were discovered by Fara Rustein.
|
|
If you have any questions, comments, concerns, updates or suggestions please
|
|
contact Fara Rustein (TW: @fararustein). |