An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the rd parameter can accept a URL, allowing attackers to "crowdsource" bruteforce login attempts
Reporter | Title | Published | Views | Family All 9 |
---|---|---|---|---|
Packet Storm | Verint Impact 360 15.1 Open Redirect | 14 Jul 202000:00 | – | packetstorm |
Packet Storm | Verint Impact 360 15.1 Cross Site Request Forgery | 14 Jul 202000:00 | – | packetstorm |
Prion | Code injection | 14 Jul 202020:15 | – | prion |
Prion | Code injection | 14 Jul 202020:15 | – | prion |
NVD | CVE-2019-12784 | 14 Jul 202020:15 | – | nvd |
NVD | CVE-2019-12783 | 14 Jul 202020:15 | – | nvd |
Cvelist | CVE-2019-12783 | 14 Jul 202019:22 | – | cvelist |
Cvelist | CVE-2019-12784 | 14 Jul 202019:25 | – | cvelist |
CVE | CVE-2019-12784 | 14 Jul 202020:15 | – | cve |
Source | Link |
---|---|
seclists | www.seclists.org/fulldisclosure/2020/Jul/16 |
packetstormsecurity | www.packetstormsecurity.com/files/158412/Verint-Impact-360-15.1-Open-Redirect.html |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo