CVE-2019-7654: CSRF
First published: Wed Jan 29 2020(Updated: )
Wowza Streaming Engine 4.8.0 and earlier suffers from multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as adding another admin user via enginemanager/server/user/edit.htm in the Server->Users component. This issue was resolved in Wowza Streaming Engine 4.8.5.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wowza Streaming Engine | <=4.8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-7654?
CVE-2019-7654 is a vulnerability in Wowza Streaming Engine 4.8.0 and earlier that allows for CSRF attacks.
How severe is CVE-2019-7654?
CVE-2019-7654 has a severity rating of medium with a CVSS score of 6.5.
What is the CWE ID for CVE-2019-7654?
The CWE ID for CVE-2019-7654 is 352.
How can an attacker exploit CVE-2019-7654?
An attacker can exploit CVE-2019-7654 by tricking an administrator into making unwanted changes, such as adding another admin user, through a CSRF attack.
Is there a patch available for CVE-2019-7654?
Yes, a patch is available for CVE-2019-7654 in Wowza Streaming Engine 4.8.5.
- collector/nvd-index
- vendor/wowza
- canonical/wowza streaming engine
- version/wowza streaming engine/4.8.0