Lucene search

Verint Security Vulnerabilities

cve

CVE-2018-17871

Verba Collaboration Compliance and Quality Management Platform before 9.2.1.5545 has Incorrect Access Control.

6.5CVSS

6.5AI Score

0.003EPSS

2018-10-04 07:29 PM

cve

CVE-2018-17872

Verba Collaboration Compliance and Quality Management Platform before 9.2.1.5545 has Insecure Permissions.

8.8CVSS

8.6AI Score

0.006EPSS

2018-10-04 07:29 PM

cve

CVE-2019-12773

An issue was discovered in Verint Impact 360 15.1. At wfo/help/help_popup.jsp, the helpURL parameter can be changed to embed arbitrary content inside of an iFrame. Attackers may use this in conjunction with social engineering to embed malicious scripts or phishing pages on a site where this product...

6.1CVSS

6.2AI Score

0.001EPSS

2020-07-14 08:15 PM

cve

CVE-2019-12783

An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the rd parameter can accept a URL, to which users will be redirected after a successful login. In conjunction with CVE-2019-12784, this can be used by attackers to "crowdsource" bruteforce login attempts on the target site, a...

6.1CVSS

7.1AI Score

0.001EPSS

2020-07-14 08:15 PM

cve

CVE-2019-12784

An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the login form can accept submissions from external websites. In conjunction with CVE-2019-12783, this can be used by attackers to "crowdsource" bruteforce login attempts on the target site, allowing them to guess and potenti...

8.8CVSS

6.3AI Score

0.001EPSS

2020-07-14 08:15 PM

cve

CVE-2020-12744

The MSI installer in Verint Desktop Resources 15.2 allows an unprivileged local user to elevate their privileges during install or repair.

7.8CVSS

7.4AI Score

0.0004EPSS

2022-10-20 11:15 AM

cve

CVE-2020-13480

Verint Workforce Optimization (WFO) 15.2 allows HTML injection via the "send email" feature.

5.4CVSS

5.7AI Score

0.001EPSS

2020-06-22 06:15 PM

cve

CVE-2020-23446

Verint Workforce Optimization suite 15.1 (15.1.0.37634) has Unauthenticated Information Disclosure via API

5.3CVSS

5.2AI Score

0.002EPSS

2020-09-22 02:15 PM

cve

CVE-2020-24055

Verint 5620PTZ Verint_FW_0_42 and Verint 4320 V4320_FW_0_23, and V4320_FW_0_31 units feature an autodiscovery service implemented in the binary executable '/usr/sbin/DM' that listens on port TCP 6666. The service is vulnerable to a stack buffer overflow. It is worth noting that this service does no...

9.8CVSS

9.3AI Score

0.003EPSS

2020-08-21 03:15 PM

cve

CVE-2020-24056

A hardcoded credentials vulnerability exists in Verint 5620PTZ Verint_FW_0_42, Verint 4320 V4320_FW_0_23, V4320_FW_0_31, and Verint S5120FD Verint_FW_0_42units. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols.

7.5CVSS

7.4AI Score

0.003EPSS

2020-08-21 03:15 PM

cve

CVE-2020-24057

The management website of the Verint S5120FD Verint_FW_0_42 unit features a CGI endpoint ('ipfilter.cgi') that allows the user to manage network filtering on the unit. This endpoint is vulnerable to a command injection. An authenticated attacker can leverage this issue to execute arbitrary commands...

8.8CVSS

9.2AI Score

0.152EPSS

2020-08-21 03:15 PM

cve

CVE-2021-36450

Verint Workforce Optimization (WFO) 15.2.8.10048 allows XSS via the control/my_notifications NEWUINAV parameter.

6.1CVSS

5.9AI Score

0.002EPSS

2021-12-15 07:15 AM

cve

CVE-2021-41825

Verint Workforce Optimization (WFO) 15.2.5.1033 allows HTML injection via the /wfo/control/signin username parameter.

5.3CVSS

5.4AI Score

0.001EPSS

2021-10-08 04:15 PM

cve

CVE-2023-33257

Verint Engagement Management 15.3 Update 2023R2 is vulnerable to HTML injection via the user data form in the live chat.

5.4CVSS

5.5AI Score

0.001EPSS

2023-08-02 02:15 PM