Digital Defense Identifies Vulnerability On Epicor Software Interface
Vulnerability could potentially be leveraged by an attacker to execute arbitrary SQL commands
May 17, 2012
San Antonio, TX – May 16, 2012 – Digital Defense, Inc. (DDI), a leading provider of managed cloud-based security assessments, announced the organization’s discovery of a blind SQL injection vulnerability in the Epicor Returns Management software SOAP interface. Left unremediated, this vulnerability could potentially be leveraged by an attacker to execute arbitrary SQL commands and extract information from the backend database using standard SQL exploitation techniques. Additionally, an attacker may be able to exploit this flaw to compromise the database server host operating system.
DDI followed their ethical disclosure policy, which included the immediate notification of Epicor Software Corporation. Epicor has now confirmed that they have contacted the customers affected and have made an update available to address this vulnerability. Epicor has also advised DDI that the codebase for Returns Management software might differ significantly from customer to customer, and has suggested that some customer installs may not contain this specific vulnerability due to this codebase variability. DDI recommends that any customer currently utilizing Epicor Returns Management software within their enterprise install the update Epicor has made available and, if concerned, log a support call with Epicor directly to determine if their codebase contains this vulnerability.
Larry Hurtado, DDI President & CEO, states, “DDI has emerged as an industry leader in the disclosure of zero day vulnerabilities. Our Collective Security Intelligence, offered through our cloud-based platform, provides our clients an extra measure of peace of mind knowing that our technology and expertise result in the rapid identification of vulnerabilities, which may otherwise go undetected. We responsibly communicate vulnerability information to clients, vendors, and ultimately the public so that remediation solutions can be developed quickly and effectively.”
About Digital Defense
Digital Defense, Inc. is a leading provider of managed, cloud-based security assessments, providing clients high value solutions through best-in-class service. DDI’s proprietary online vulnerability management system, Frontline Solutions Platform, combined with certified Security Analysts, delivers one of the most powerful and comprehensive assessment results and remediation management offerings in the marketplace. For more information about Digital Defense, please visit our web site at www.ddifrontline.com or contact us at 888.273.1412.