Cross-Site Request Forgery in Verint Impact 360 by Verint Systems
CVE-2019-12784

8.8HIGH

Key Information:

Vendor: Verint
Status: Impact 360
Vendor: CVE Published:; 14 July 2020

What is CVE-2019-12784?

A vulnerability in Verint Impact 360 15.1 allows external websites to submit login form data, potentially leading to password guessing attacks. By exploiting this weakness alongside another vulnerability, attackers can conduct brute force login attempts on the affected site while circumventing traffic analysis, significantly increasing the risk of credential compromise.

References

https://seclists.org/fulldisclosure/2020/Jul/17

x_refsource_MISC

http://packetstormsecurity.com/files/158413/Verint-Impact...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 14, 2020
Vulnerability Reserved
Jun 10, 2019

CVE-2019-12784 Data

JSON