Verint Impact 360 11.1 Open Redirect
Posted on 11 November 2016
URL Redirection Vulnerability In Verint Impact 360

Overview
========
* Title : URL Redirection Vulnerability In Verint Impact 360
* Author: Sanehdeep Singh
* Plugin Homepage: http://www.verint.com
* Severity: Medium
* Version Affected: 11.1
* Version patched: Patches available. Contact Vendor

Description
===========

About the Product
=================
Verint Impact 360 is an enterprise-wide application for quality monitoring/call recording, workforce management, performance management, and eLearning that helps optimize business operations, customer relationships, and personnel.

Vulnerable Parameter
--------------------
UserSettings_Frames.aspx?returl=URL

About Vulnerability
-------------------
The Verint Impact 360 application is vulnerable to URL redirection through the returl parameter. This type of vulnerability could be used to accomplish a phishing attack or redirect a victim to an infection page.

#Live Poc URL
https://XXX/Ultra/Settings/UserSettings_Frames.aspx?returl=/Ultra/HomePage_Frames.aspx

Mitigation
==========
Contact Verint team for Mitigation.

Disclosure
==========
29-August-2016 Reported to Verint Team

Credits
=======
* Sanehdeep Singh
* Senior Consultant
* ControlCase International Pvt Ltd.
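A defender-side check for the issue described above, as an added example that is not part of the original advisory or of Verint's code: it scans web access logs for requests to UserSettings_Frames.aspx whose returl value is not a same-site path. The log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Page and parameter named in the advisory (matched case-insensitively).
PAGE = "usersettings_frames.aspx"
PARAM = "returl"

# Constructed sample lines in common log format; hosts and addresses are made up.
SAMPLE_LOG = [
    '10.0.0.5 - - [11/Nov/2016:10:00:01 +0000] "GET /Ultra/Settings/UserSettings_Frames.aspx?returl=/Ultra/HomePage_Frames.aspx HTTP/1.1" 302 0',
    '10.0.0.9 - - [11/Nov/2016:10:02:17 +0000] "GET /Ultra/Settings/UserSettings_Frames.aspx?returl=https%3A%2F%2Foffsite.example%2Flogin HTTP/1.1" 302 0',
    '10.0.0.9 - - [11/Nov/2016:10:02:40 +0000] "GET /Ultra/Settings/UserSettings_Frames.aspx?ReturL=%2F%2Foffsite.example HTTP/1.1" 302 0',
    '10.0.0.7 - - [11/Nov/2016:10:03:02 +0000] "GET /Ultra/HomePage_Frames.aspx HTTP/1.1" 200 5120',
]

REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def is_local_path(value):
    """True only for a same-site path: exactly one leading '/', nothing odd."""
    v = unquote(value)  # decode once more to catch double-encoded values
    if not v.startswith("/") or v.startswith("//"):
        return False    # absolute URL, scheme-relative URL, or not a path
    if "\\" in v or any(ord(c) < 0x20 for c in v):
        return False    # backslashes and control characters are never expected
    return True


def suspicious_returls(lines):
    """Return (line_number, decoded_value) for each off-site returl value."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not target.path.lower().endswith(PAGE):
            continue
        for key, value in parse_qsl(target.query):  # values arrive decoded
            if key.lower() == PARAM and not is_local_path(value):
                hits.append((number, value))
    return hits


if __name__ == "__main__":
    for number, value in suspicious_returls(SAMPLE_LOG):
        print(f"line {number}: returl points off-site -> {value}")
```

The same `is_local_path` rule can serve as a filter in a reverse proxy or WAF in front of the application until the vendor patch is applied.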