Vulnerability Description
An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the rd parameter can accept a URL, to which users will be redirected after a successful login. In conjunction with CVE-2019-12784, this can be used by attackers to "crowdsource" bruteforce login attempts on the target site, allowing them to guess and potentially compromise valid credentials without ever sending any traffic from their own machine to the target site.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Verint | Impact 360 | 15.1 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/158412/Verint-Impact-360-15.1-Open-RedirectThird Party AdvisoryVDB Entry
- https://seclists.org/fulldisclosure/2020/Jul/16Mailing ListThird Party Advisory
- http://packetstormsecurity.com/files/158412/Verint-Impact-360-15.1-Open-RedirectThird Party AdvisoryVDB Entry
- https://seclists.org/fulldisclosure/2020/Jul/16Mailing ListThird Party Advisory
FAQ
What is CVE-2019-12783?
CVE-2019-12783 is a vulnerability with a CVSS score of 6.1 (MEDIUM). An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the rd parameter can accept a URL, to which users will be redirected after a successful login. In conjunction with CVE-2019-12...
How severe is CVE-2019-12783?
CVE-2019-12783 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-12783?
Check the references section above for vendor advisories and patch information. Affected products include: Verint Impact 360.