CVE-2024-52054

Name of the Vulnerable Software and Affected Versions Wowza Streaming Engine versions prior to 4.9.1

Description The issue is related to a path traversal vulnerability in the Manager component of Wowza Streaming Engine. This vulnerability allows an administrator user to create an XML definition file anywhere on the file system. The vulnerability is due to incorrect restriction of the directory path name with limited access. Exploitation of the vulnerability may allow a remote attacker to gain access to create an XML file in an arbitrary directory.

Recommendations For versions prior to 4.9.1, update to version 4.9.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Manager component to minimize the risk of exploitation.