CVE-2010-3280

Name of the Vulnerable Software and Affected Versions Alcatel-Lucent OmniTouch Contact Center Standard Edition versions 9.0.8.4 and earlier

Description The issue relies on client-side authorization checking and unconditionally sends the SuperUser password to the client for use during an authorized session. This allows remote attackers to monitor or reconfigure Contact Center operations via a modified client application.

Recommendations For versions 9.0.8.4 and earlier, consider restricting access to the management server component to minimize the risk of exploitation until a fix is available. As a temporary workaround, limit the use of client applications that may be modified to exploit this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.