Unrated severityNVD Advisory· Published Sep 23, 2010· Updated Jun 16, 2026
CVE-2010-3280
CVE-2010-3280
Description
The CCAgent option 9.0.8.4 and earlier in the management server (aka TSA) component in Alcatel-Lucent OmniTouch Contact Center Standard Edition relies on client-side authorization checking, and unconditionally sends the SuperUser password to the client for use during an authorized session, which allows remote attackers to monitor or reconfigure Contact Center operations via a modified client application.
Affected products
4cpe:2.3:a:alcatel-lucent:ccagent:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:alcatel-lucent:ccagent:*:*:*:*:*:*:*:*range: <=8.0
- cpe:2.3:a:alcatel-lucent:ccagent:7.1:*:*:*:*:*:*:*
cpe:2.3:a:alcatel-lucent:omnitouch_contact_center:-:-:std:*:*:*:*:*+ 1 more
- cpe:2.3:a:alcatel-lucent:omnitouch_contact_center:-:-:std:*:*:*:*:*
- (no CPE)range: <=9.0.8.4
Patches
Vulnerability mechanics
References
7- secunia.com/advisories/41547nvdVendor Advisory
- www.alcatel-lucent.com/wps/DocumentStreamerServletnvdVendor Advisory
- www.vupen.com/english/advisories/2010/2459nvdVendor Advisory
- www.nruns.com/_downloads/nruns-SA-2010-001.pdfnvd
- www.securityfocus.com/archive/1/513869nvd
- www.securityfocus.com/bid/43340nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/61920nvd
News mentions
0No linked articles in our index yet.