CVE-2020-9004 [Suggested Description] --------------------------------------- A remote authenticated authorization-bypass vulnerability allows any read-only user to issue requests to the administration panel in order to change functionality. --------------------------------------- [Vulnerability Type] Remote authenticated authorization-bypass --------------------------------------- [Vendor of Product] Wowza Media Systems LLC --------------------------------------- [Affected Product Code Base] Wowza Streaming Engine - Version 4.8.0 and earlier, Issue fixed in 4.8.5 --------------------------------------- [Affected Component] Wowza Streaming Engine Manager --------------------------------------- [Attack Type] Remote --------------------------------------- [Impact Code Execution] true --------------------------------------- [Impact Denial of Service] false --------------------------------------- [Attack Vector] POST requests could be made to perform actions that should only be allowed for admin users --------------------------------------- [Has the vendor confirmed or acknowledged the vulnerability?] true