Vulnerability Details CVE-2016-20035
Wowza Streaming Engine 4.5.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by crafting malicious web pages. Attackers can trick logged-in administrators into visiting a malicious site that submits POST requests to the user edit endpoint to create new admin accounts with arbitrary credentials.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 15.8%
CVSS Severity
CVSS v3 Score 5.3
References
Products affected by CVE-2016-20035
-
cpe:2.3:a:wowza:streaming_engine:4.5.0