Описание
Wowza Streaming Engine 4.8.0 and earlier suffers from multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as adding another admin user via enginemanager/server/user/edit.htm in the Server->Users component. This issue was resolved in Wowza Streaming Engine 4.8.5.
Ссылки
- ExploitThird Party Advisory
- Third Party Advisory
- Release NotesVendor Advisory
- Vendor Advisory
- ExploitThird Party Advisory
- Third Party Advisory
- Release NotesVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.8.0 (включая)
cpe:2.3:a:wowza:streaming_engine:*:*:*:*:*:*:*:*
EPSS
Процентиль: 68%
0.00574
Низкий
6.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-352
Связанные уязвимости
CVSS3: 6.5
github
больше 3 лет назад
Wowza Streaming Engine 4.7.7 and 4.7.8 suffers from multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as adding another admin user via enginemanager/server/user/edit.htm in the Server->Users component.
EPSS
Процентиль: 68%
0.00574
Низкий
6.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-352