PT-2020-10163 · Wowza · Wowza Streaming Engine

Published

2020-05-18

Updated

2020-09-30

CVE-2019-19454

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Wowza Streaming Engine versions prior to 4.8.0

Description The issue concerns an arbitrary file download found in the "Download Log" functionality. This allows for potential unauthorized access to files.

Recommendations For versions prior to 4.8.0, update to Wowza Streaming Engine 4.8.0 to resolve the issue. As a temporary workaround, consider restricting access to the "Download Log" functionality until the update is applied.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2019-19454

Affected Products

Wowza Streaming Engine

PT-2020-10163 · Wowza · Wowza Streaming Engine

CVE-2019-19454

Related Identifiers

Affected Products

References · 6