Описание
Ant Media Server Community Edition in a default configuration is vulnerable to an improper HTTP header based authorization, leading to a possible use of non-administrative API calls reserved only for authorized users. All versions up to 2.9.0 (tested) and possibly newer ones are believed to be vulnerable as the vendor has not confirmed releasing a patch.
EPSS
Процентиль: 25%
0.00087
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-302
Связанные уязвимости
CVSS3: 6.5
github
больше 1 года назад
Ant Media Server does not properly authorize non-administrative API calls
EPSS
Процентиль: 25%
0.00087
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-302