Streaming Engine Security Vulnerabilities and Issues — Streaming Engine CVE List

Lucene search

WowzaStreaming Engine

5 matches found

CVE•added 2024/11/21 11:15 p.m.•61 views

CVE-2024-52052

Wowza Streaming Engine below 4.9.1 permits an authenticated Streaming Engine Manager administrator to define a custom application property and poison a stream target for high-privilege remote code execution.

9.4CVSS7.3AI score0.00414EPSS

CVE•added 2020/04/14 3:15 p.m.•50 views

CVE-2020-9004

A remote authenticated authorization-bypass vulnerability in Wowza Streaming Engine 4.8.0 and earlier allows any read-only user to issue requests to the administration panel in order to change functionality. For example, a read-only user may activate the Java JMX port in unauthenticated mode and ex...

9CVSS8.5AI score0.00729EPSS

CVE•added 2024/11/21 11:15 p.m.•45 views

CVE-2024-52053

Stored Cross-Site Scripting in the Manager component of Wowza Streaming Engine below 4.9.1 allows an unauthenticated attacker to inject client-side JavaScript into the web dashboard to automatically hijack admin accounts.

9.6CVSS5.9AI score0.00392EPSS

CVE•added 2019/03/21 4:0 p.m.•43 views

CVE-2018-19365

The REST API in Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request.

9.1CVSS9.1AI score0.79294EPSS

CVE•added 2018/03/01 9:29 p.m.•39 views

CVE-2018-7047

An issue was discovered in the MBeans Server in Wowza Streaming Engine before 4.7.1. The file system may be read and written to via JMX using the default JMX credentials (remote code execution may be possible as well).

9.8CVSS9.4AI score0.02986EPSS