The CCAgent option 9.0.8.4 and previous versions in the management server (aka TSA) component in Alcatel-Lucent OmniTouch Contact Center Standard Edition relies on client-side authorization checking, and unconditionally sends the SuperUser password to the client for use during an authorized session, which allows remote malicious users to monitor or reconfigure Contact Center operations via a modified client application.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
alcatel-lucent ccagent 7.1 |
||
alcatel-lucent ccagent |
||
alcatel-lucent omnitouch_contact_center - |