2 matches found
CVE-2021-45900
Vivoh Webinar Manager before 3.6.3.0 has improper API authentication. When a user logs in to the administration configuration web portlet, a VIVOHAUTH cookie is assigned so that they can be uniquely identified. Certain APIs can be successfully executed without proper authentication. This can let ...
CVE-2021-45900
Vivoh Webinar Manager prior to 3.6.3.0 has an improper API authentication flaw. After login to the administration configuration web portlet, a VIVOH_AUTH cookie is issued to identify users, and certain APIs can be called without proper authentication, enabling an attacker to impersonate a victim ...