Vulnerabilities > Wowza > Streaming Engine > 4.8.5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-10-05 | CVE-2021-35491 | Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine through 4.8.11+5 allows a remote attacker to delete a user account via the /enginemanager/server/user/delete.htm userName parameter. | 5.8 |
2021-10-05 | CVE-2021-35492 | Allocation of Resources Without Limits or Throttling vulnerability in Wowza Streaming Engine Wowza Streaming Engine through 4.8.11+5 could allow an authenticated, remote attacker to exhaust filesystem resources via the /enginemanager/server/vhost/historical.jsdata vhost parameter. | 4.0 |
2021-04-23 | CVE-2021-31539 | Cleartext Storage of Sensitive Information vulnerability in Wowza Streaming Engine Wowza Streaming Engine before 4.8.8.01 (in a default installation) has cleartext passwords stored in the conf/admin.password file. | 2.1 |