Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Verint Subscribe
Total 13 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-12744 1 Verint 1 Desktop And Process Analytics 2022-10-21 N/A 7.8 HIGH
The MSI installer in Verint Desktop Resources 15.2 allows an unprivileged local user to elevate their privileges during install or repair.
CVE-2021-41825 1 Verint 1 Workforce Optimization 2022-05-03 5.0 MEDIUM 5.3 MEDIUM
Verint Workforce Optimization (WFO) 15.2.5.1033 allows HTML injection via the /wfo/control/signin username parameter.
CVE-2021-36450 1 Verint 1 Workforce Optimization 2021-12-15 4.3 MEDIUM 6.1 MEDIUM
Verint Workforce Optimization (WFO) 15.2.8.10048 allows XSS via the control/my_notifications NEWUINAV parameter.
CVE-2020-23446 1 Verint 1 Workforce Optimization 2021-07-21 5.0 MEDIUM 5.3 MEDIUM
Verint Workforce Optimization suite 15.1 (15.1.0.37634) has Unauthenticated Information Disclosure via API
CVE-2020-13480 1 Verint 1 Workforce Optimization 2021-07-21 3.5 LOW 5.4 MEDIUM
Verint Workforce Optimization (WFO) 15.2 allows HTML injection via the "send email" feature.
CVE-2020-24056 1 Verint 6 4320, 4320 Firmware, 5620ptz and 3 more 2021-07-21 5.0 MEDIUM 7.5 HIGH
A hardcoded credentials vulnerability exists in Verint 5620PTZ Verint_FW_0_42, Verint 4320 V4320_FW_0_23, V4320_FW_0_31, and Verint S5120FD Verint_FW_0_42units. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols.
CVE-2018-17871 1 Verint 1 Verba Collaboration Compliance And Quality Management Platform 2020-09-29 4.0 MEDIUM 6.5 MEDIUM
Verba Collaboration Compliance and Quality Management Platform before 9.2.1.5545 has Incorrect Access Control.
CVE-2020-24057 1 Verint 2 S5120fd, S5120fd Firmware 2020-08-27 9.0 HIGH 8.8 HIGH
The management website of the Verint S5120FD Verint_FW_0_42 unit features a CGI endpoint ('ipfilter.cgi') that allows the user to manage network filtering on the unit. This endpoint is vulnerable to a command injection. An authenticated attacker can leverage this issue to execute arbitrary commands as 'root'.
CVE-2020-24055 1 Verint 4 4320, 4320 Firmware, 5620ptz and 1 more 2020-08-27 7.5 HIGH 9.8 CRITICAL
Verint 5620PTZ Verint_FW_0_42 and Verint 4320 V4320_FW_0_23, and V4320_FW_0_31 units feature an autodiscovery service implemented in the binary executable '/usr/sbin/DM' that listens on port TCP 6666. The service is vulnerable to a stack buffer overflow. It is worth noting that this service does not require any authentication.
CVE-2018-17872 1 Verint 2 Collaboration Compliance, Quality Management Platform 2020-08-24 6.5 MEDIUM 8.8 HIGH
Verba Collaboration Compliance and Quality Management Platform before 9.2.1.5545 has Insecure Permissions.
CVE-2019-12784 1 Verint 1 Impact 360 2020-07-16 6.8 MEDIUM 8.8 HIGH
An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the login form can accept submissions from external websites. In conjunction with CVE-2019-12783, this can be used by attackers to "crowdsource" bruteforce login attempts on the target site, allowing them to guess and potentially compromise valid credentials without ever sending any traffic from their own machine to the target site.
CVE-2019-12783 1 Verint 1 Impact 360 2020-07-16 5.8 MEDIUM 6.1 MEDIUM
An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the rd parameter can accept a URL, to which users will be redirected after a successful login. In conjunction with CVE-2019-12784, this can be used by attackers to "crowdsource" bruteforce login attempts on the target site, allowing them to guess and potentially compromise valid credentials without ever sending any traffic from their own machine to the target site.
CVE-2019-12773 1 Verint 1 Impact 360 2020-07-16 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Verint Impact 360 15.1. At wfo/help/help_popup.jsp, the helpURL parameter can be changed to embed arbitrary content inside of an iFrame. Attackers may use this in conjunction with social engineering to embed malicious scripts or phishing pages on a site where this product is installed, given the attacker can convince a victim to visit a crafted link.