PT-2024-15711 · Unknown · C21 Live Encoder/Live Mosaic
Konrad Kowal Karp
·
Published
2024-01-17
·
Updated
2024-01-24
·
CVE-2024-0642
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
C21 Live Encoder and Live Mosaic version 5.3
Description
The issue is related to inadequate access control, allowing a remote attacker to access the application as an administrator user due to lack of proper credential management. This can be done through the application endpoint.
Recommendations
For version 5.3, consider restricting access to the application endpoint as a temporary workaround until a patch is available. Additionally, review and improve credential management to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
C21 Live Encoder/Live Mosaic