Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 05/10/2021 Updated: 06/11/2021

CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.1 | Impact Score: 5.2 | Exploitability Score: 2.8

VMScore: 516

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine up to and including 4.8.11+5 allows a remote malicious user to delete a user account via the /enginemanager/server/user/delete.htm userName parameter. The application does not implement a CSRF token for the GET request. This issue was resolved in Wowza Streaming Engine release 4.8.14.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wowza streaming engine

CWE-352 https://www.gruppotim.it/redteam https://www.wowza.com/docs/wowza-streaming-engine-4-8-14-release-notes https://n4nj0.github.io/advisories/wowza-streaming-engine-i/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-35491

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect