Unrated severityNVD Advisory· Published Sep 23, 2010· Updated Apr 29, 2026

CVE-2010-3280

Description

The CCAgent option 9.0.8.4 and earlier in the management server (aka TSA) component in Alcatel-Lucent OmniTouch Contact Center Standard Edition relies on client-side authorization checking, and unconditionally sends the SuperUser password to the client for use during an authorized session, which allows remote attackers to monitor or reconfigure Contact Center operations via a modified client application.

Affected products

Alcatel Lucent/Ccagent2 versions
cpe:2.3:a:alcatel-lucent:ccagent:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:alcatel-lucent:ccagent:*:*:*:*:*:*:*:*range: <=8.0
- cpe:2.3:a:alcatel-lucent:ccagent:7.1:*:*:*:*:*:*:*
Alcatel Lucent/Omnitouch Contact Center
cpe:2.3:a:alcatel-lucent:omnitouch_contact_center:-:-:std:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/41547nvdVendor Advisory
www.alcatel-lucent.com/wps/DocumentStreamerServletnvdVendor Advisory
www.vupen.com/english/advisories/2010/2459nvdVendor Advisory
www.nruns.com/_downloads/nruns-SA-2010-001.pdfnvd
www.securityfocus.com/archive/1/513869nvd
www.securityfocus.com/bid/43340nvd
exchange.xforce.ibmcloud.com/vulnerabilities/61920nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000