CVE-2020-23446 Verint Workforce Optimization (WFO)
Vulnerable Software: Verint Workforce Optimization (WFO)
Vulnerability: Unauthenticated Information Disclosure via API
Affected Version: 15.1 (15.1.0.37634)
Vendor Homepage: Link
CVE: 2020-23446
CVE Author: Tejas Nitin Pingulkar
Exploit Available: POC Available

About Affected Software:
Verint Workforce Optimization is a suite of unified software and services for capturing interactions and managing the performance of employees across the enterprise or in targeted areas of your business, including:
- Back-office operations
- Branch operations
- Contact centers
- Financial trading rooms

Additional Information:
The Verint WFO application lets authenticated users download topology reports. However, through a direct object reference to the API, an unauthenticated attacker can obtain the reports.

Exploit:
Access URL: [IP/Domain]/wfo/rest/em-api/v1/topology/generation
Note: only the most recently generated report can be obtained by the attacker.

Patch: Patched in version 15.2

POC: Timel
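
For the unauthenticated report download described above, a detection sketch added here (not part of the original advisory or of Verint's software): it scans web access logs for successful requests to the topology endpoint from clients outside an administrator network. The Combined Log Format, the `ADMIN_NETS` range and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network
from urllib.parse import unquote

TOPOLOGY_PATH = "/wfo/rest/em-api/v1/topology/generation"  # endpoint from the advisory
ADMIN_NETS = [ip_network("10.20.0.0/24")]  # assumption: where admins download reports from

# Assumed Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def normalise(target):
    """Drop the query string, percent-decode, collapse slashes, lowercase."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path).rstrip("/").lower()

def is_admin(client):
    try:
        ip = ip_address(client)
    except ValueError:
        return False  # hostname in the log: treat as an unknown source
    return any(ip in net for net in ADMIN_NETS)

def suspicious_hits(lines):
    """Count successful topology-report requests per client outside ADMIN_NETS."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or normalise(m["target"]) != TOPOLOGY_PATH:
            continue
        if not m["status"].startswith("2"):
            continue  # non-2xx: no report was returned
        if not is_admin(m["ip"]):
            hits[m["ip"]] += 1
    return dict(hits)

# Constructed sample log lines (documentation address ranges, invented timestamps).
SAMPLE = [
    f'203.0.113.7 - - [12/Mar/2021:10:01:02 +0000] "GET {TOPOLOGY_PATH} HTTP/1.1" 200 48213 "-" "-"',
    f'203.0.113.7 - - [12/Mar/2021:10:01:09 +0000] "GET /wfo//rest/em-api/v1/topology/generation?x=1 HTTP/1.1" 200 48213 "-" "-"',
    f'10.20.0.15 - - [12/Mar/2021:10:05:00 +0000] "GET {TOPOLOGY_PATH} HTTP/1.1" 200 48213 "-" "-"',
    f'198.51.100.9 - - [12/Mar/2021:10:06:00 +0000] "GET {TOPOLOGY_PATH} HTTP/1.1" 401 512 "-" "-"',
    '198.51.100.9 - - [12/Mar/2021:10:06:30 +0000] "GET /wfo/ui/login HTTP/1.1" 200 1024 "-" "-"',
]

if __name__ == "__main__":
    for client, count in suspicious_hits(SAMPLE).items():
        print(f"{client}: {count} successful topology report download(s)")
```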