CVE-2020-9004

Severity CVSS v4.0: Pending analysis
Type: CWE-306 Missing Authentication for Critical Function
Publication date: 14/04/2020
Last modified: 03/05/2022

Description

A remote authenticated authorization-bypass vulnerability in Wowza Streaming Engine 4.8.0 and earlier allows any read-only user to issue requests to the administration panel in order to change functionality. For example, a read-only user may activate the Java JMX port in unauthenticated mode and execute OS commands under root privileges. This issue was resolved in Wowza Streaming Engine 4.8.5.

Vulnerable products and versions

| CPE | From | Up to |
| --- | --- | --- |
| cpe:2.3:a:wowza:streaming_engine:*:*:*:*:*:*:*:* | | 4.8.0 (including) |