Verint Impact 360 11.1 Open Redirect

2016.11.11
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-601

URL Redirection Vulnerability In Verint Impact 360

Overview
========
* Title : URL Redirection Vulnerability In Verint Impact 360
* Author: Sanehdeep Singh
* Plugin Homepage: http://www.verint.com
* Severity: Medium
* Version Affected: 11.1
* Version patched: Patches available. Contact Vendor

Description
===========

About the Product
=================
Verint Impact 360 is an enterprise-wide application for quality monitoring/call recording, workforce management, performance management, and eLearning that helps optimize business operations, customer relationships, and personnel.

Vulnerable Parameter
--------------------
UserSettings_Frames.aspx?returl=URL

About Vulnerability
-------------------
The Verint Impact 360 application is vulnerable to URL redirection. This type of vulnerability could be used to accomplish a phishing attack or redirect a victim to an infection page.

#Live Poc URL
https://XXX/Ultra/Settings/UserSettings_Frames.aspx?returl=/Ultra/HomePage_Frames.aspx

Mitigation
==========
Contact Verint team for Mitigation.

Disclosure
==========
29-August-2016 Reported to Verint Team

Credits
=======
* Sanehdeep Singh
* Senior Consultant
* ControlCase International Pvt Ltd.
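A defender-side check for the issue described above, as an added example that is not part of the original advisory or the vendor's code: it scans logged request URLs for `returl` values on `UserSettings_Frames.aspx` that point off-site. The sample requests are constructed, and the rule that only a path starting with a single `/` counts as local is an assumption about what the application should accept.

```python
from urllib.parse import urlsplit, parse_qs

# Page and parameter named in the advisory (path compared case-insensitively).
VULN_PATH = "/ultra/settings/usersettings_frames.aspx"
PARAM = "returl"

def is_local_target(value: str) -> bool:
    """True only for a same-site, path-absolute redirect target (assumed policy)."""
    v = value.strip()
    # Reject empty values and control characters, which browsers may drop
    # before resolving the URL.
    if not v or any(ord(c) < 0x20 for c in v):
        return False
    # Must start with exactly one "/": "//host" and "/\host" are resolved
    # by browsers as a different host, and anything else may carry a scheme.
    return v.startswith("/") and v[1:2] not in ("/", "\\")

def flag_request(url: str):
    """Return the off-site returl values carried by one logged request URL."""
    parts = urlsplit(url)
    if parts.path.lower() != VULN_PATH:
        return []
    # parse_qs percent-decodes once; the parameter name is matched
    # case-insensitively.
    query = parse_qs(parts.query, keep_blank_values=True)
    values = [v for k, vs in query.items() if k.lower() == PARAM for v in vs]
    return [v for v in values if not is_local_target(v)]

def scan(lines):
    """Map each suspicious request URL to its off-site returl values."""
    return {u: bad for u in lines if (bad := flag_request(u))}

# Constructed sample requests (not taken from any real log).
SAMPLE = [
    "/Ultra/Settings/UserSettings_Frames.aspx?returl=/Ultra/HomePage_Frames.aspx",
    "/Ultra/Settings/UserSettings_Frames.aspx?returl=https%3A%2F%2Fexample.org%2Flogin",
    "/Ultra/Settings/UserSettings_Frames.aspx?RetUrl=%2F%2Fexample.org",
    "/Ultra/HomePage_Frames.aspx?returl=https://example.org/",
]

if __name__ == "__main__":
    for url, bad in scan(SAMPLE).items():
        print("off-site returl:", bad, "in", url)
```

The same `is_local_target` rule can serve as an allow-list at a reverse proxy in front of the application until the vendor patch is applied.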

