URL Redirection Vulnerability In Verint Impact 360

Overview
========

* Title : URL Redirection Vulnerability In Verint Impact 360
* Author: Sanehdeep Singh
* Plugin Homepage: http://www.verint.com 
* Severity: Medium
* Version Affected: 11.1
* Version patched: Patches available. Contact Vendor

Description 
===========

About the Product
=================
Verint Impact 360 is a quality monitoring/call recording, workforce management, performance management, and eLearning help optimize business operations, customer relationships,and personnel enterprise-wide application. 

Vulnerable Parameter 
--------------------

UserSettings_Frames.aspx?returl=URL

About Vulnerability
-------------------
Verint Impact 360 application is vulnerable to URL redirection vulnerability. This type of vulnerability could be used to accomplish a phishing attack or redirect a victim to an infection page.

#Live Poc URL
https://XXX/Ultra/Settings/UserSettings_Frames.aspx?returl=/Ultra/HomePage_Frames.aspx

Mitigation 
==========
Contact Verint team for Mitigation.

Disclosure 
==========
29-August-2016 Reported to Verint Team
 
Credits
=======
* Sanehdeep  Singh 
* Senior Consultant
* ControlCase International Pvt Ltd.