CVE-2021-31540
First published: Fri Apr 23 2021(Updated: )
Wowza Streaming Engine through 4.8.5 (in a default installation) has incorrect file permissions of configuration files in the conf/ directory. A regular local user is able to read and write to all the configuration files, e.g., modify the application server configuration.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wowza Streaming Engine | <=4.8.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-31540.
What is the severity of CVE-2021-31540?
The severity of CVE-2021-31540 is high with a severity value of 7.1.
What is affected by CVE-2021-31540?
Wowza Streaming Engine versions up to and including 4.8.5 are affected by CVE-2021-31540.
What is the impact of CVE-2021-31540?
A regular local user is able to read and write to all the configuration files in the conf/ directory of Wowza Streaming Engine, allowing them to modify the application server configuration.
How can I fix CVE-2021-31540?
Upgrade to a version of Wowza Streaming Engine that is not affected by CVE-2021-31540 or apply the necessary security patches or fixes provided by the vendor.
- collector/nvd-index
- agent/severity
- agent/author
- vendor/wowza
- canonical/wowza streaming engine
- version/wowza streaming engine/4.8.5