6.9

CVE-2010-3280

EPSS 0.55%
Published 23.09.2010 19:00:14
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

The CCAgent option 9.0.8.4 and earlier in the management server (aka TSA) component in Alcatel-Lucent OmniTouch Contact Center Standard Edition relies on client-side authorization checking, and unconditionally sends the SuperUser password to the client for use during an authorized session, which allows remote attackers to monitor or reconfigure Contact Center operations via a modified client application.

Affected products Warnungen 0 Metrics 2 CWE 1 References 10

Data is provided by the National Vulnerability Database (NVD)

Alcatel-lucent ≫ Ccagent Version <= 8.0

Alcatel-lucent ≫ Ccagent Version7.1

Alcatel-lucent ≫ Omnitouch Contact Center Version- Update- Editionstd

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.55%	0.653

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.9	5.5	8.5	AV:A/AC:M/Au:N/C:C/I:P/A:P

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Corporate&LMSG_CONTENT_FILE=Support/Security/2010001.pdf

Vendor Advisory

http://www.nruns.com/_downloads/nruns-SA-2010-001.pdf

http://www.securityfocus.com/archive/1/513869

http://www.securityfocus.com/bid/43340

http://www.vupen.com/english/advisories/2010/2459

Vendor Advisory

http://secunia.com/advisories/41547

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/61920

https://nvd.nist.gov/vuln/detail/CVE-2010-3280

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-3280

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-3280

EUVD