Wowza Streaming Engine — known CVE vulnerabilities
Every CVE whose affected-product data names Wowza Streaming Engine, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (26)
CVE-2018-7047 — CVSS 9.8 (critical): An issue was discovered in the MBeans Server in Wowza Streaming Engine before 4.7.1. The file system may be read and written to via JMX…
CVE-2024-52053 — CVSS 9.6 (critical): Stored Cross-Site Scripting in the Manager component of Wowza Streaming Engine below 4.9.1 allows an unauthenticated attacker to inject…
CVE-2018-19365 — CVSS 9.1 (critical): The REST API in Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote…
CVE-2020-9004 — CVSS 8.8 (high): A remote authenticated authorization-bypass vulnerability in Wowza Streaming Engine 4.8.0 and earlier allows any read-only user to issue…
CVE-2016-20034 — CVSS 8.8 (high): Wowza Streaming Engine 4.5.0 contains a privilege escalation vulnerability that allows authenticated read-only users to elevate privileges…
CVE-2021-35491 — CVSS 8.1 (high): A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine through 4.8.11+5 allows a remote attacker to delete a user…
CVE-2019-19455 — CVSS 7.8 (high): Wowza Streaming Engine before 4.8.5 has Insecure Permissions which may allow a local attacker to escalate privileges in / usr / local /…
CVE-2019-7656 — CVSS 7.8 (high): A privilege escalation vulnerability in Wowza Streaming Engine 4.8.0 and earlier allows any unprivileged Linux user to escalate privileges…
CVE-2016-20033 — CVSS 7.8 (high): Wowza Streaming Engine 4.5.0 contains a local privilege escalation vulnerability that allows authenticated users to escalate privileges by…
CVE-2018-7048 — CVSS 7.5 (high): An issue was discovered in Wowza Streaming Engine before 4.7.1. There is a denial of service (memory consumption) via a crafted HTTP…
CVE-2019-19454 — CVSS 7.5 (high): An arbitrary file download was found in the "Download Log" functionality of Wowza Streaming Engine <= 4.x.x. This issue was resolved in…
CVE-2024-52052 — CVSS 7.2 (high): Wowza Streaming Engine below 4.9.1 permits an authenticated Streaming Engine Manager administrator to define a custom application property…
CVE-2021-31540 — CVSS 7.1 (high): Wowza Streaming Engine through 4.8.5 (in a default installation) has incorrect file permissions of configuration files in the conf/…
CVE-2024-52056 — CVSS 6.5 (medium): Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to delete any directory on the…
CVE-2019-7654 — CVSS 6.5 (medium): Wowza Streaming Engine 4.8.0 and earlier suffers from multiple CSRF vulnerabilities. For example, an administrator, by following a link…
CVE-2021-35492 — CVSS 6.5 (medium): Wowza Streaming Engine through 4.8.11+5 could allow an authenticated, remote attacker to exhaust filesystem resources via the…
CVE-2019-19456 — CVSS 6.1 (medium): A Reflected XSS was found in the server selection box inside the login page at: enginemanager/loginfailed.html in Wowza Streaming Engine <=…
CVE-2016-20036 — CVSS 6.1 (medium): Wowza Streaming Engine 4.5.0 contains multiple reflected cross-site scripting vulnerabilities in the enginemanager interface where input…
CVE-2018-7049 — CVSS 6.1 (medium): An issue was discovered in Wowza Streaming Engine before 4.7.1. There is an XSS vulnerability in the HTTP providers (com.wowza.wms.http.HTTP…
CVE-2021-31539 — CVSS 5.5 (medium): Wowza Streaming Engine before 4.8.8.01 (in a default installation) has cleartext passwords stored in the conf/admin.password file. A…
CVE-2019-7655 — CVSS 5.4 (medium): Wowza Streaming Engine 4.8.0 and earlier from multiple authenticated XSS vulnerabilities via the (1) customList%5B0%5D.value field in…
CVE-2019-19453 — CVSS 5.4 (medium): Wowza Streaming Engine before 4.8.5 allows XSS (issue 1 of 2). An authenticated user, with access to the proxy license editing is able to…
CVE-2017-16922 — CVSS 5.3 (medium): In com.wowza.wms.timedtext.http.HTTPProviderCaptionFile in Wowza Streaming Engine before 4.7.1, traversal of the directory structure and…
CVE-2016-20035 — CVSS 5.3 (medium): Wowza Streaming Engine 4.5.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by…
CVE-2024-52055 — CVSS 4.9 (medium): Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to read any file on the file…
CVE-2024-52054 — CVSS 2.7 (low): Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to create an XML definition file…