{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T09:39:32.780","vulnerabilities":[{"cve":{"id":"CVE-2020-9004","sourceIdentifier":"cve@mitre.org","published":"2020-04-14T15:15:13.353","lastModified":"2024-11-21T05:39:48.840","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A remote authenticated authorization-bypass vulnerability in Wowza Streaming Engine 4.8.0 and earlier allows any read-only user to issue requests to the administration panel in order to change functionality. For example, a read-only user may activate the Java JMX port in unauthenticated mode and execute OS commands under root privileges. This issue was resolved in Wowza Streaming Engine 4.8.5."},{"lang":"es","value":"Una vulnerabilidad de omisión de autorización autenticada remota en Wowza Streaming Engine versión 4.8.0 y anteriores permite a cualquier usuario de sólo lectura emitir peticiones al panel de administración para cambiar la funcionalidad. Por ejemplo, un usuario de sólo lectura puede activar el puerto Java JMX en modo no autenticado y ejecutar comandos del Sistema Operativo con privilegios de root. Este problema se resolvió en Wowza Streaming Engine 4.8.5"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C","baseScore":9.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wowza:streaming_engine:*:*:*:*:*:*:*:*","versionEndIncluding":"4.8.0","matchCriteriaId":"72870676-F760-48D9-8DA3-39D4C99C7BFE"}]}]}],"references":[{"url":"https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-9004-Authenticated%20Remote%20Authorization%20Bypass%20Leading%20to%20RCE-Wowza","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/main/wowza-streaming-engine/CVE-2020-9004.txt","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.wowza.com/docs/wowza-streaming-engine-4-8-5-release-notes","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-9004-Authenticated%20Remote%20Authorization%20Bypass%20Leading%20to%20RCE-Wowza","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/main/wowza-streaming-engine/CVE-2020-9004.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.wowza.com/docs/wowza-streaming-engine-4-8-5-release-notes","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]}]}}]}