CVE-2020-23446

Vulnerable Software: Verint Workforce Optimization (WFO)
Vulnerability: Unauthenticated Information Disclosure via API
Affected Version: 15.1 (15.1.0.37634)
Vendor Homepage: Link
CVE: 2020-23446
CVE Author: Tejas Nitin Pingulkar
Exploit Available: POC Available
Exploit URL: [IP/Domain]/wfo/rest/em-api/v1/topology/generation
Patch: Patched in version 15.2

Timeline:
- 2 May 2019 - Informed Telligent about the vulnerability.
- 3 May 2019 - Initial response.
- 3 May 2019 - Vulnerability reported.
- 3 May 2019 - Telligent forwarded details to WFO team.
- 7 May 2019 - Follow-up with WFO.
- 9 May 2019 - Telligent team confirmed that they will update soon.
- 21 May 2019 - Follow-up with WFO.
- 21 May 2019 - Follow-up with Telligent team.
- 21 May 2019 - Email acknowledgment from Verint (WFO team).
- 29 May 2019 - Follow-up with WFO.
- 29 May 2019 - Follow-up with Telligent team.
- 29 May 2019 - Telligent team replied back.
- 30 May to date - No response from either team; the vulnerability was patched in 15.2, but with no acknowledgment.
- 17 September 2019 - Vulnerability published.