Vendor CVEs
Verity
All CVEs
24 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-21730 | | Med | 0.40 | 6.1 | 0.00 | | May 14, 2026 | Verba is affected by a Stored Cross-Site Scripting (XSS) vulnerability within its login logging mechanism. When an unauthenticated remote attacker attempts to log in using an incorrect username and password combination, the supplied username value is recorded in the application… |
| CVE-2009-0347 | | | 0.04 | — | 0.10 | | Jan 29, 2009 | Open redirect vulnerability in cs.html in the Autonomy (formerly Verity) Ultraseek search engine allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter. |
| CVE-2007-6593 | | | 0.04 | — | 0.06 | | Dec 28, 2007 | Multiple stack-based buffer overflows in l123sr.dll in Autonomy (formerly Verity) KeyView SDK, as used by IBM Lotus Notes 5.x through 8.x, allow user-assisted remote attackers to execute arbitrary code via the (1) Length and (2) Value fields for certain Types in a Lotus 1-2-3… |
| CVE-2002-0370 | | | 0.03 | — | 0.43 | | Oct 10, 2002 | Buffer overflow in the ZIP capability for multiple products allows remote attackers to cause a denial of service or execute arbitrary code via ZIP files containing entries with long filenames, including (1) Microsoft Windows 98 with Plus! Pack, (2) Windows XP, (3) Windows ME,… |
| CVE-2021-36450 | | | 0.02 | — | 0.69 | | Dec 15, 2021 | Verint Workforce Optimization (WFO) 15.2.8.10048 allows XSS via the control/my_notifications NEWUINAV parameter. |
| CVE-2020-24057 | | | 0.02 | — | 0.05 | | Aug 21, 2020 | The management website of the Verint S5120FD Verint_FW_0_42 unit features a CGI endpoint ('ipfilter.cgi') that allows the user to manage network filtering on the unit. This endpoint is vulnerable to a command injection. An authenticated attacker can leverage this issue to… |
| CVE-2006-5819 | | | 0.01 | — | 0.06 | | Nov 18, 2006 | Verity Ultraseek before 5.7 allows remote attackers to use the server as a proxy for web attacks and host scanning via a direct request to the highlight/index.html script. |
| CVE-2024-36396 | | | 0.00 | — | 0.00 | | Jun 13, 2024 | Verint - CWE-434: Unrestricted Upload of File with Dangerous Type |
| CVE-2024-36395 | | | 0.00 | — | 0.00 | | Jun 13, 2024 | Verint - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) |
| CVE-2023-33257 | | | 0.00 | — | 0.00 | | Aug 2, 2023 | Verint Engagement Management 15.3 Update 2023R2 is vulnerable to HTML injection via the user data form in the live chat. |
| CVE-2020-12744 | | | 0.00 | — | 0.00 | | Oct 20, 2022 | The MSI installer in Verint Desktop Resources 15.2 allows an unprivileged local user to elevate their privileges during install or repair. |
| CVE-2021-41825 | | | 0.00 | — | 0.01 | | Oct 8, 2021 | Verint Workforce Optimization (WFO) 15.2.5.1033 allows HTML injection via the /wfo/control/signin username parameter. |
| CVE-2020-23446 | | | 0.00 | — | 0.01 | | Sep 22, 2020 | Verint Workforce Optimization suite 15.1 (15.1.0.37634) has Unauthenticated Information Disclosure via API |
| CVE-2020-24056 | | | 0.00 | — | 0.01 | | Aug 21, 2020 | A hardcoded credentials vulnerability exists in Verint 5620PTZ Verint_FW_0_42, Verint 4320 V4320_FW_0_23, V4320_FW_0_31, and Verint S5120FD Verint_FW_0_42 units. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols. |
| CVE-2020-24055 | | | 0.00 | — | 0.02 | | Aug 21, 2020 | Verint 5620PTZ Verint_FW_0_42 and Verint 4320 V4320_FW_0_23, and V4320_FW_0_31 units feature an autodiscovery service implemented in the binary executable '/usr/sbin/DM' that listens on port TCP 6666. The service is vulnerable to a stack buffer overflow. It is worth noting that… |
| CVE-2019-12773 | | | 0.00 | — | 0.01 | | Jul 14, 2020 | An issue was discovered in Verint Impact 360 15.1. At wfo/help/help_popup.jsp, the helpURL parameter can be changed to embed arbitrary content inside of an iFrame. Attackers may use this in conjunction with social engineering to embed malicious scripts or phishing pages on a… |
| CVE-2019-12784 | | | 0.00 | — | 0.01 | | Jul 14, 2020 | An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the login form can accept submissions from external websites. In conjunction with CVE-2019-12783, this can be used by attackers to "crowdsource" bruteforce login attempts on the target site, allowing them… |
| CVE-2019-12783 | | | 0.00 | — | 0.01 | | Jul 14, 2020 | An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the rd parameter can accept a URL, to which users will be redirected after a successful login. In conjunction with CVE-2019-12784, this can be used by attackers to "crowdsource" bruteforce login attempts… |
| CVE-2020-13480 | | | 0.00 | — | 0.01 | | Jun 22, 2020 | Verint Workforce Optimization (WFO) 15.2 allows HTML injection via the "send email" feature. |
| CVE-2006-5970 | | | 0.00 | — | 0.02 | | Nov 18, 2006 | Verity Ultraseek before 5.7 allows remote attackers to obtain sensitive information via direct requests with (1) a null ("%00") terminated url parameter to help/urlstatusgo.html; or missing parameters to (2) help/header.html, (3) help/footer.html, (4) spell.html, (5)… |
| CVE-2006-5971 | | | 0.00 | — | 0.02 | | Nov 18, 2006 | Absolute path traversal vulnerability in admin/logfile.txt in Verity Ultraseek before 5.6.2 allows remote attackers to read arbitrary files via the name variable. |
| CVE-2005-0514 | | | 0.00 | — | 0.02 | | Feb 22, 2005 | Cross-site scripting (XSS) vulnerability in Verity Ultraseek before 5.3.3 allows remote attackers to inject arbitrary HTML and web script via search parameters. |
| CVE-2004-0050 | | | 0.00 | — | 0.01 | | Jun 14, 2004 | Verity Ultraseek before 5.2.2 allows remote attackers to obtain the full pathname of the document root via an MS-DOS device name in the web search option, such as (1) NUL, (2) CON, (3) AUX, (4) COM1, (5) COM2, and others. |
| CVE-2002-1651 | | | 0.00 | — | 0.01 | | Dec 31, 2002 | Cross-site scripting (XSS) vulnerability in Verity Search97 allows remote attackers to insert arbitrary web content and steal sensitive information from other clients, possibly due to certain error messages from template pages that use the (1) vformat or (2) vfilter functions. |