Vulnerability Description
An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the login form can accept submissions from external websites. In conjunction with CVE-2019-12783, this can be used by attackers to "crowdsource" bruteforce login attempts on the target site, allowing them to guess and potentially compromise valid credentials without ever sending any traffic from their own machine to the target site.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Verint | Impact 360 | 15.1 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/158413/Verint-Impact-360-15.1-Cross-Site-ReThird Party AdvisoryVDB Entry
- https://seclists.org/fulldisclosure/2020/Jul/17Mailing ListThird Party Advisory
- http://packetstormsecurity.com/files/158413/Verint-Impact-360-15.1-Cross-Site-ReThird Party AdvisoryVDB Entry
- https://seclists.org/fulldisclosure/2020/Jul/17Mailing ListThird Party Advisory
FAQ
What is CVE-2019-12784?
CVE-2019-12784 is a vulnerability with a CVSS score of 8.8 (HIGH). An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the login form can accept submissions from external websites. In conjunction with CVE-2019-12783, this can be used by attacker...
How severe is CVE-2019-12784?
CVE-2019-12784 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-12784?
Check the references section above for vendor advisories and patch information. Affected products include: Verint Impact 360.