Skip to main content

Streaming Engine

13 CVEs product

Monthly

CVE-2024-52056 MEDIUM This Month

Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to delete any directory on the file system if the target directory contains an XML. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Streaming Engine
NVD
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-52055 HIGH This Week

Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to read any file on the file system if the target directory contains an XML definition file. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Streaming Engine
NVD
CVSS 4.0
8.2
EPSS
1.0%
CVE-2024-52054 MEDIUM This Month

Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to create an XML definition file anywhere on the file system. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Streaming Engine
NVD
CVSS 4.0
5.1
EPSS
0.7%
CVE-2024-52053 HIGH This Week

Stored Cross-Site Scripting in the Manager component of Wowza Streaming Engine below 4.9.1 allows an unauthenticated attacker to inject client-side JavaScript into the web dashboard to automatically. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Streaming Engine
NVD
CVSS 4.0
8.7
EPSS
0.6%
CVE-2024-52052 CRITICAL Act Now

Wowza Streaming Engine below 4.9.1 permits an authenticated Streaming Engine Manager administrator to define a custom application property and poison a stream target for high-privilege remote code. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Streaming Engine
NVD
CVSS 4.0
9.4
EPSS
0.5%
CVE-2021-35492 MEDIUM POC This Month

Wowza Streaming Engine through 4.8.11+5 could allow an authenticated, remote attacker to exhaust filesystem resources via the /enginemanager/server/vhost/historical.jsdata vhost parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Streaming Engine
NVD
CVSS 3.1
6.5
EPSS
3.3%
CVE-2021-35491 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine through 4.8.11+5 allows a remote attacker to delete a user account via the /enginemanager/server/user/delete.htm userName. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Streaming Engine
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2021-31540 HIGH POC This Week

Wowza Streaming Engine through 4.8.5 (in a default installation) has incorrect file permissions of configuration files in the conf/ directory. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Streaming Engine
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2021-31539 MEDIUM POC This Month

Wowza Streaming Engine before 4.8.8.01 (in a default installation) has cleartext passwords stored in the conf/admin.password file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Streaming Engine
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-9004 HIGH POC This Week

A remote authenticated authorization-bypass vulnerability in Wowza Streaming Engine 4.8.0 and earlier allows any read-only user to issue requests to the administration panel in order to change. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Authentication Bypass Streaming Engine
NVD GitHub
CVSS 3.1
8.8
EPSS
3.5%
CVE-2018-7049 MEDIUM This Month

An issue was discovered in Wowza Streaming Engine before 4.7.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Streaming Engine
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-7048 HIGH This Week

An issue was discovered in Wowza Streaming Engine before 4.7.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Streaming Engine
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-7047 CRITICAL Act Now

An issue was discovered in the MBeans Server in Wowza Streaming Engine before 4.7.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Streaming Engine
NVD
CVSS 3.0
9.8
EPSS
2.4%
EPSS 1% CVSS 6.9
MEDIUM This Month

Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to delete any directory on the file system if the target directory contains an XML. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Streaming Engine
NVD
EPSS 1% CVSS 8.2
HIGH This Week

Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to read any file on the file system if the target directory contains an XML definition file. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Streaming Engine
NVD
EPSS 1% CVSS 5.1
MEDIUM This Month

Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to create an XML definition file anywhere on the file system. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Streaming Engine
NVD
EPSS 1% CVSS 8.7
HIGH This Week

Stored Cross-Site Scripting in the Manager component of Wowza Streaming Engine below 4.9.1 allows an unauthenticated attacker to inject client-side JavaScript into the web dashboard to automatically. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Streaming Engine
NVD
EPSS 0% CVSS 9.4
CRITICAL Act Now

Wowza Streaming Engine below 4.9.1 permits an authenticated Streaming Engine Manager administrator to define a custom application property and poison a stream target for high-privilege remote code. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Streaming Engine
NVD
EPSS 3% CVSS 6.5
MEDIUM POC This Month

Wowza Streaming Engine through 4.8.11+5 could allow an authenticated, remote attacker to exhaust filesystem resources via the /enginemanager/server/vhost/historical.jsdata vhost parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Streaming Engine
NVD
EPSS 1% CVSS 8.1
HIGH POC This Week

A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine through 4.8.11+5 allows a remote attacker to delete a user account via the /enginemanager/server/user/delete.htm userName. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Streaming Engine
NVD
EPSS 0% CVSS 7.1
HIGH POC This Week

Wowza Streaming Engine through 4.8.5 (in a default installation) has incorrect file permissions of configuration files in the conf/ directory. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Streaming Engine
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Wowza Streaming Engine before 4.8.8.01 (in a default installation) has cleartext passwords stored in the conf/admin.password file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Streaming Engine
NVD
EPSS 4% CVSS 8.8
HIGH POC This Week

A remote authenticated authorization-bypass vulnerability in Wowza Streaming Engine 4.8.0 and earlier allows any read-only user to issue requests to the administration panel in order to change. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Authentication Bypass Streaming Engine
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM This Month

An issue was discovered in Wowza Streaming Engine before 4.7.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Streaming Engine
NVD
EPSS 2% CVSS 7.5
HIGH This Week

An issue was discovered in Wowza Streaming Engine before 4.7.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Streaming Engine
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

An issue was discovered in the MBeans Server in Wowza Streaming Engine before 4.7.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Streaming Engine
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy