verint CVE Vulnerabilities & Metrics

Focus on verint vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About verint Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with verint. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total verint CVEs: 15
Earliest CVE date: 04 Oct 2018, 19:29 UTC
Latest CVE date: 13 Jun 2024, 13:15 UTC

Latest CVE reference: CVE-2024-36396

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 2

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 100.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 100.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical verint CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 4.01

Max CVSS: 9.0

Critical CVEs (≥9): 1

CVSS Range vs. Count

Range Count
0.0-3.9 5
4.0-6.9 8
7.0-8.9 1
9.0-10.0 1

CVSS Distribution Chart

Top 5 Highest CVSS verint CVEs

These are the five CVEs with the highest CVSS scores for verint, sorted by severity first and then by recency.

All CVEs for verint

CVE-2024-36396 verint vulnerability CVSS: 0 13 Jun 2024, 13:15 UTC

Verint - CWE-434: Unrestricted Upload of File with Dangerous Type

CVE-2024-36395 verint vulnerability CVSS: 0 13 Jun 2024, 13:15 UTC

Verint - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

CVE-2023-33257 verint vulnerability CVSS: 0 02 Aug 2023, 14:15 UTC

Verint Engagement Management 15.3 Update 2023R2 is vulnerable to HTML injection via the user data form in the live chat.

CVE-2020-12744 verint vulnerability CVSS: 0 20 Oct 2022, 11:15 UTC

The MSI installer in Verint Desktop Resources 15.2 allows an unprivileged local user to elevate their privileges during install or repair.

CVE-2021-36450 verint vulnerability CVSS: 4.3 15 Dec 2021, 07:15 UTC

Verint Workforce Optimization (WFO) 15.2.8.10048 allows XSS via the control/my_notifications NEWUINAV parameter.

CVE-2021-41825 verint vulnerability CVSS: 5.0 08 Oct 2021, 16:15 UTC

Verint Workforce Optimization (WFO) 15.2.5.1033 allows HTML injection via the /wfo/control/signin username parameter.

CVE-2020-23446 verint vulnerability CVSS: 5.0 22 Sep 2020, 14:15 UTC

Verint Workforce Optimization suite 15.1 (15.1.0.37634) has Unauthenticated Information Disclosure via API.

CVE-2020-24057 verint vulnerability CVSS: 9.0 21 Aug 2020, 15:15 UTC

The management website of the Verint S5120FD Verint_FW_0_42 unit features a CGI endpoint ('ipfilter.cgi') that allows the user to manage network filtering on the unit. This endpoint is vulnerable to a command injection. An authenticated attacker can leverage this issue to execute arbitrary commands as 'root'.

CVE-2020-24056 verint vulnerability CVSS: 5.0 21 Aug 2020, 15:15 UTC

A hardcoded credentials vulnerability exists in Verint 5620PTZ Verint_FW_0_42, Verint 4320 V4320_FW_0_23, V4320_FW_0_31, and Verint S5120FD Verint_FW_0_42 units. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols.

CVE-2020-24055 verint vulnerability CVSS: 7.5 21 Aug 2020, 15:15 UTC

Verint 5620PTZ Verint_FW_0_42 and Verint 4320 V4320_FW_0_23, and V4320_FW_0_31 units feature an autodiscovery service implemented in the binary executable '/usr/sbin/DM' that listens on port TCP 6666. The service is vulnerable to a stack buffer overflow. It is worth noting that this service does not require any authentication.

CVE-2019-12784 verint vulnerability CVSS: 6.8 14 Jul 2020, 20:15 UTC

An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the login form can accept submissions from external websites. In conjunction with CVE-2019-12783, this can be used by attackers to "crowdsource" bruteforce login attempts on the target site, allowing them to guess and potentially compromise valid credentials without ever sending any traffic from their own machine to the target site.

CVE-2019-12783 verint vulnerability CVSS: 5.8 14 Jul 2020, 20:15 UTC

An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the rd parameter can accept a URL, to which users will be redirected after a successful login. In conjunction with CVE-2019-12784, this can be used by attackers to "crowdsource" bruteforce login attempts on the target site, allowing them to guess and potentially compromise valid credentials without ever sending any traffic from their own machine to the target site.

CVE-2019-12773 verint vulnerability CVSS: 4.3 14 Jul 2020, 20:15 UTC

An issue was discovered in Verint Impact 360 15.1. At wfo/help/help_popup.jsp, the helpURL parameter can be changed to embed arbitrary content inside of an iFrame. Attackers may use this in conjunction with social engineering to embed malicious scripts or phishing pages on a site where this product is installed, given the attacker can convince a victim to visit a crafted link.

CVE-2020-13480 verint vulnerability CVSS: 3.5 22 Jun 2020, 18:15 UTC

Verint Workforce Optimization (WFO) 15.2 allows HTML injection via the "send email" feature.

CVE-2018-17871 verint vulnerability CVSS: 4.0 04 Oct 2018, 19:29 UTC

Verba Collaboration Compliance and Quality Management Platform before 9.2.1.5545 has Incorrect Access Control.