CVE-2019-12784

Name of the Vulnerable Software and Affected Versions: Verint Impact 360 version 15.1

Description: An issue was discovered where the login form at the /wfo/control/signin API endpoint can accept submissions from external websites. This can be exploited by attackers to crowdsource brute-force login attempts, potentially compromising valid credentials without sending traffic from their own machine to the target site.

Recommendations: For Verint Impact 360 version 15.1, consider restricting access to the /wfo/control/signin API endpoint to prevent external submissions until a fix is available. Additionally, monitor login attempts for suspicious activity to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.