Wowza Streaming Engine vulnerabilities
26 known vulnerabilities affecting wowza/streaming_engine.
Total CVEs: 26
CISA KEV: 0
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 3, HIGH 10, MEDIUM 12, LOW 1
Vulnerabilities
Page 2 of 2
CVE-2019-19453 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 4.8.5 | 2020-08-03
Wowza Streaming Engine before 4.8.5 allows XSS (issue 1 of 2). An authenticated user with access to proxy license editing is able to insert a malicious payload that will be triggered in the main page of server settings. This issue was resolved in Wowza Streaming Engine 4.8.5.
nvd
CVE-2019-7655 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≤ 4.8.0 | 2020-01-29
Wowza Streaming Engine 4.8.0 and earlier suffers from multiple authenticated XSS vulnerabilities via the (1) customList%5B0%5D.value field in enginemanager/server/serversetup/edit_adv.htm of the Server Setup configuration or the (2) host field in enginemanager/j_spring_security_check of the login form. This issue was resolved in Wowza Streaming Engine 4.8.5.
nvd
CVE-2021-31539 | P4 | MEDIUM | CVSS 5.5 | CWE-312 | fixed in 4.8.8.01 | 2021-04-23
Wowza Streaming Engine before 4.8.8.01 (in a default installation) has cleartext passwords stored in the conf/admin.password file. A regular local user is able to read usernames and passwords.
nvd
CVE-2019-19456 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 4.0.0, ≤ 4.8.0 | 2020-05-18
A reflected XSS vulnerability was found in the server selection box on the login page at enginemanager/loginfailed.html in Wowza Streaming Engine <= 4.x.x. This issue was resolved in Wowza Streaming Engine 4.8.0.
nvd
CVE-2016-20035 | P4 | MEDIUM | CVSS 4.3 | CWE-352 | v4.5.0 | 2026-03-16
Wowza Streaming Engine 4.5.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by crafting malicious web pages. Attackers can trick logged-in administrators into visiting a malicious site that submits POST requests to the user edit endpoint to create new admin accounts with arbitrary credenti
nvd
CVE-2024-52054 | P4 | LOW | CVSS 2.7 | CWE-22 | ≥ 4.3.0, < 4.9.1 | 2024-11-21
Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to create an XML definition file anywhere on the file system.
nvd