Unknown · Vivoh Webinar Manager · CVE-2021-45900
**Name of the Vulnerable Software and Affected Versions**
Vivoh Webinar Manager versions prior to 3.6.3.0
**Description**
The issue is related to improper API authentication. When a user logs in to the administration configuration web portlet, a VIVOH AUTH cookie is assigned for unique identification. However, certain APIs can be executed without proper authentication, allowing an attacker to impersonate a victim and make state-changing requests on their behalf.
**Recommendations**
For versions prior to 3.6.3.0, update to version 3.6.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive APIs to minimize the risk of exploitation. Avoid using APIs that do not require proper authentication until the issue is resolved.
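One way to check whether state-changing API calls have already been accepted without the auth cookie is to scan the portal's access log, as in this added example (not code from the advisory or from Vivoh). The log format with a trailing cookie-names field, the cookie spelling `VIVOH_AUTH`, the `/api/` prefix and all sample lines are assumptions constructed for illustration.

```python
import re

# Assumptions (not from the advisory): the access log records the request's
# cookie names in a trailing quoted field, the session cookie is spelled
# VIVOH_AUTH, and API routes live under /api/. All sample lines are constructed.
AUTH_COOKIE = "VIVOH_AUTH"
API_PREFIX = "/api/"
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<cookies>[^"]*)"$'
)

SAMPLE_LOG = """\
198.51.100.7 - - [12/Jan/2022:10:01:02 +0000] "POST /api/events/42 HTTP/1.1" 200 311 "VIVOH_AUTH; lang"
203.0.113.9 - - [12/Jan/2022:10:03:44 +0000] "POST /api/events/42 HTTP/1.1" 200 311 "-"
203.0.113.9 - - [12/Jan/2022:10:03:50 +0000] "GET /api/events/42 HTTP/1.1" 200 902 "-"
203.0.113.9 - - [12/Jan/2022:10:04:10 +0000] "DELETE /api/users/7 HTTP/1.1" 401 58 "lang"
203.0.113.9 - - [12/Jan/2022:10:04:31 +0000] "PUT /api/settings HTTP/1.1" 204 0 "lang"
malformed line that the parser must skip
"""

def unauthenticated_writes(log_text):
    """Return (ip, timestamp, method, path) for each state-changing API request
    that succeeded (2xx) although no auth cookie was sent."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        cookies = {c.strip() for c in m["cookies"].split(";")}
        if (m["method"] in STATE_CHANGING
                and m["path"].startswith(API_PREFIX)
                and m["status"].startswith("2")
                and AUTH_COOKIE not in cookies):
            hits.append((m["ip"], m["ts"], m["method"], m["path"]))
    return hits

if __name__ == "__main__":
    for hit in unauthenticated_writes(SAMPLE_LOG):
        print(*hit)
```

A hit marks a write the server accepted with no session cookie at all; the presence of a cookie name in the log does not show that its value was valid, so the check finds only the plainest cases.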