BugTraq
URL Redirection Vulnerability In Verint Impact 360 Nov 08 2016 06:09PM
sanehsingh controlcase com
URL Redirection Vulnerability In Verint Impact 360

Overview
========

* Title : URL Redirection Vulnerability In Verint Impact 360
* Author: Sanehdeep Singh
* Plugin Homepage: http://www.verint.com
* Severity: Medium
* Version Affected: 11.1
* Version patched: Patches available. Contact Vendor

Description
===========

About the Product
=================
Verint Impact 360 is a quality monitoring/call recording, workforce management, performance management, and eLearning help optimize business operations, customer relationships,and personnel enterprise-wide application.

Vulnerable Parameter
--------------------

UserSettings_Frames.aspx?returl=URL

About Vulnerability
-------------------
Verint Impact 360 application is vulnerable to URL redirection vulnerability. This type of vulnerability could be used to accomplish a phishing attack or redirect a victim to an infection page.

#Live Poc URL
https://XXX/Ultra/Settings/UserSettings_Frames.aspx?returl=/Ultra/HomePa
ge_Frames.aspx

Mitigation
==========
Contact Verint team for Mitigation.

Disclosure
==========
29-August-2016 Reported to Verint Team

Credits
=======
* Sanehdeep Singh
* Senior Consultant
* ControlCase International Pvt Ltd.

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus