The CCAgent option 9.0.8.4 and earlier in the management server (aka TSA) component in Alcatel-Lucent OmniTouch Contact Center Standard Edition relies on client-side authorization checking, and unconditionally sends the SuperUser password to the client for use during an authorized session, which allows remote attackers to monitor or reconfigure Contact Center operations via a modified client application.
References
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2010-09-23 12:00
Updated : 2017-08-16 18:32
NVD link : CVE-2010-3280
Mitre link : CVE-2010-3280
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
alcatel-lucent
- omnitouch_contact_center
- ccagent