Wowza Streaming Engine 4.8.11

CPE Details

Wowza Streaming Engine 4.8.11
wowza
streaming_engine
4.8.11
2021-10-07
14h15 +00:00
2021-10-07
14h15 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:wowza:streaming_engine:4.8.11:*:*:*:*:*:*:*

Informations

Vendor

wowza

Product

streaming_engine

Version

4.8.11

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-52052 2024-11-21 22h20 +00:00 Wowza Streaming Engine below 4.9.1 permits an authenticated Streaming Engine Manager administrator to define a custom application property and poison a stream target for high-privilege remote code execution.
9.4
Critical
CVE-2021-35492 2021-10-05 13h12 +00:00 Wowza Streaming Engine through 4.8.11+5 could allow an authenticated, remote attacker to exhaust filesystem resources via the /enginemanager/server/vhost/historical.jsdata vhost parameter. This is due to the insufficient management of available filesystem resources. An attacker could exploit this vulnerability through the Virtual Host Monitoring section by requesting random virtual-host historical data and exhausting available filesystem resources. A successful exploit could allow the attacker to cause database errors and cause the device to become unresponsive to web-based management. (Manual intervention is required to free filesystem resources and return the application to an operational state.)
6.5
Medium
CVE-2021-35491 2021-10-05 13h10 +00:00 A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine through 4.8.11+5 allows a remote attacker to delete a user account via the /enginemanager/server/user/delete.htm userName parameter. The application does not implement a CSRF token for the GET request. This issue was resolved in Wowza Streaming Engine release 4.8.14.
8.1
High