Published: 14/07/2020 Updated: 16/07/2020

CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 516

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

An issue exists in Verint Impact 360 15.1. At wfo/control/signin, the rd parameter can accept a URL, to which users will be redirected after a successful login. In conjunction with CVE-2019-12784, this can be used by malicious users to "crowdsource" bruteforce login attempts on the target site, allowing them to guess and potentially compromise valid credentials without ever sending any traffic from their own machine to the target site.

Vulnerable Product	Search on Vulmon	Subscribe to Product
verint impact 360 15.1

Verint Impact 360 version 151 suffers from a cross site request forgery vulnerability ...

Full Disclosure mailing list archives   By Date By Thread </form>    Verint Impact 360 onLogin open redirect   From: Ryan Delaney < ...

CWE-601 https://seclists.org/fulldisclosure/2020/Jul/16 http://packetstormsecurity.com/files/158412/Verint-Impact-360-15.1-Open-Redirect.html https://nvd.nist.gov https://packetstormsecurity.com/files/158413/Verint-Impact-360-15.1-Cross-Site-Request-Forgery.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-12783

Vulnerability Summary

Vulnerability Trend

Exploits

Mailing Lists

References

Vulmon Search

About

Products

Connect