Verint Impact 360 version 11.1 suffers from an open redirection vulnerability.
URL Redirection Vulnerability In Verint Impact 360
Overview
========
* Title : URL Redirection Vulnerability In Verint Impact 360
* Author: Sanehdeep Singh
* Plugin Homepage: http://www.verint.com
* Severity: Medium
* Version Affected: 11.1
* Version patched: Patches available. Contact Vendor
Description
===========
About the Product
=================
Verint Impact 360 is an enterprise-wide application for quality monitoring/call recording, workforce management, performance management, and eLearning that helps optimize business operations, customer relationships, and personnel.
Vulnerable Parameter
--------------------
UserSettings_Frames.aspx?returl=URL
About Vulnerability
-------------------
The Verint Impact 360 application is vulnerable to URL redirection through the returl parameter of UserSettings_Frames.aspx. This type of vulnerability could be used to carry out a phishing attack or to redirect a victim to an infection page.
Live PoC URL
------------
https://XXX/Ultra/Settings/UserSettings_Frames.aspx?returl=/Ultra/HomePage_Frames.aspx
Mitigation
==========
Contact the Verint team for mitigation.
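
Until the vendor patch is applied, requests carrying an off-site returl value can be picked out of web server logs. The script below is an added example, not code from this advisory or from Verint; it assumes the page path shown in the PoC URL, and the sample requests and example.net hosts are constructed.

```python
from urllib.parse import urlsplit, parse_qs, unquote

# Path of the affected page, taken from the advisory's PoC URL (IIS paths are case-insensitive).
PAGE = "/ultra/settings/usersettings_frames.aspx"

def is_local_target(value):
    """True only for a same-site absolute path such as /Ultra/HomePage_Frames.aspx."""
    v = value.strip()
    for _ in range(3):                      # undo double/triple percent-encoding
        decoded = unquote(v)
        if decoded == v:
            break
        v = decoded
    if any(ord(c) < 0x20 for c in v):       # browsers drop tabs/newlines inside URLs
        return False
    v = v.replace("\\", "/")                # browsers read a backslash as a slash
    return v.startswith("/") and not v.startswith("//")

def flag_offsite_returl(request_urls):
    """Return (request, returl) pairs whose returl value would leave the site."""
    hits = []
    for url in request_urls:
        parts = urlsplit(url)
        if parts.path.lower() != PAGE:
            continue
        for key, values in parse_qs(parts.query).items():
            if key.lower() == "returl":
                hits += [(url, v) for v in values if not is_local_target(v)]
    return hits

# Constructed sample requests (URI stem + query as found in an access log).
BASE = "/Ultra/Settings/UserSettings_Frames.aspx"
SAMPLE = [
    BASE + "?returl=/Ultra/HomePage_Frames.aspx",   # value from the advisory: stays on site
    BASE + "?returl=https://login.example.net/",    # absolute URL to another host
    BASE + "?returl=%2F%2Flogin.example.net",       # scheme-relative URL, percent-encoded
    BASE + "?ReturL=/%5Clogin.example.net",         # backslash variant, mixed-case key
    "/Ultra/HomePage_Frames.aspx?returl=https://login.example.net/",  # other page: ignored
]

if __name__ == "__main__":
    for request, target in flag_offsite_returl(SAMPLE):
        print("off-site returl:", target, "<-", request)
```

Relative values without a leading slash are also reported, so expect to tune the check against the application's legitimate returl values.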
Disclosure
==========
29-August-2016 Reported to Verint Team
Credits
=======
* Sanehdeep Singh
* Senior Consultant
* ControlCase International Pvt Ltd.