CVE-2021-35491
05.10.2021, 16:15
A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine through 4.8.11+5 allows a remote attacker to delete a user account via the /enginemanager/server/user/delete.htm userName parameter. The application does not implement a CSRF token for the GET request. This issue was resolved in Wowza Streaming Engine release 4.8.14.
| Vendor | Product | Version |
|---|---|---|
| wowza | streaming_engine | 𝑥 < 4.8.14 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References