Timeline:
2 May 2019 – Informed about vulnerability to Telligent.
3 May 2019 – Initial response.
3 May 2019 – Vulnerability reported.
3 May 2019 – Telligent forwarded details to WFO team.
7 May 2019 – followup with WFO
9 May 2019 – Telligent team confirmed that they will update soon
21 May 2019 – followup with WFO
21 May 2019 – followup with Telligent Team
21 May 2019 – email acknowledgment from Verint (WFO Team)
29 May 2019 – followup with WFO
29 May 2019 – followup with Telligent Team
29 May 2019 – Telligent Team replied back
30 May to till date – No response from both Team vulnerability was patched in 15.2 but no acknowledgment
17 September 2019- Vulnerability Published
One thought on “Verint: Unauthenticated Information Disclosure via API”