CVE-2019-7654

{"id": "CVE-2019-7654", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2020-01-29T16:15:11.850", "references": [{"url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-7654-CSRF-Wowza", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/main/wowza-streaming-engine/CVE-2019-7654.txt", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.wowza.com/docs/wowza-streaming-engine-4-8-5-release-notes", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.wowza.com/pricing/installer", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Wowza Streaming Engine 4.8.0 and earlier suffers from multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as adding another admin user via enginemanager/server/user/edit.htm in the Server->Users component. This issue was resolved in Wowza Streaming Engine 4.8.5."}, {"lang": "es", "value": "Wowza Streaming Engine versiones 4.8.0 y anteriores, sufre de m\u00faltiples vulnerabilidades de tipo CSRF. Por ejemplo, un administrador, al seguir un enlace, puede ser enga\u00f1ado para hacer cambios no deseados, como agregar otro usuario administrador por medio del archivo enginemanager/server/user/edit.htm en el componente Server->Users. Este problema se resolvi\u00f3 en Wowza Streaming Engine 4.8.5"}], "lastModified": "2022-10-14T03:09:56.833", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wowza:streaming_engine:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72870676-F760-48D9-8DA3-39D4C99C7BFE", "versionEndIncluding": "4.8.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}