CVE-2018-7047

EPSS 2.84%
Veröffentlicht 01.03.2018 21:29:00
Zuletzt bearbeitet 21.11.2024 04:11:33
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in the MBeans Server in Wowza Streaming Engine before 4.7.1. The file system may be read and written to via JMX using the default JMX credentials (remote code execution may be possible as well).

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wowza ≫ Streaming Engine Version < 4.7.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.84%	0.857

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/main/wowza-streaming-engine/CVE-2018-7047.txt

https://www.wowza.com/docs/wowza-streaming-engine-4-7-1-release-notes

Vendor Advisory

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2018-7047

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-7047

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-7047

EUVD