CVE-2019-12784

Published: Jul 14, 2020Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the login form can accept submissions from external websites. In conjunction with CVE-2019-12783, this can be used by attackers to "crowdsource" bruteforce login attempts on the target site, allowing them to guess and potentially compromise valid credentials without ever sending any traffic from their own machine to the target site.

Affected (1)

Products: Verint: Impact 360

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Verint Impact 360	Version 15.1

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

http://packetstormsecurity.com/files/158413/Verint-Impact-360-15.1-Cross-Site-Request-Forgery.html

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://seclists.org/fulldisclosure/2020/Jul/17

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://packetstormsecurity.com/files/158413/Verint-Impact-360-15.1-Cross-Site-Request-Forgery.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://seclists.org/fulldisclosure/2020/Jul/17

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

Timeline

No history available yet.