CVE-2019-12784

HIGH

Verint Impact 360 15.1 - Cross-Site Request Forgery in Login Form

Title source: llm
STIX 2.1

Description

An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the login form can accept submissions from external websites. In conjunction with CVE-2019-12783, this can be used by attackers to "crowdsource" bruteforce login attempts on the target site, allowing them to guess and potentially compromise valid credentials without ever sending any traffic from their own machine to the target site.

References (2)

Core 2
Core References
Mailing List, Third Party Advisory x_refsource_misc
https://seclists.org/fulldisclosure/2020/Jul/17

Scores

CVSS v3 8.8
EPSS 0.0069
EPSS Percentile 48.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (1)
verint/impact_360 15.1
Published Jul 14, 2020
Tracked Since Feb 18, 2026