CVE-2018-7047.

[Suggested description]
An issue was discovered in the MBeans Server in Wowza Streaming Engine before 4.7.1. The file system may be read and written to via JMX using the default JMX credentials (remote code execution may be possible as well).

------------------------------------------

[Vulnerability Type]
Insecure Permissions

------------------------------------------

[Vendor of Product]
Wowza Media Systems LLC

------------------------------------------

[Affected Product Code Base]
Wowza Streaming Engine - All versions from 4.7.0 and prior, Issue mitigated in 4.7.1

------------------------------------------

[Affected Component]
Wowza Streaming Engine MBeans Server

------------------------------------------

[Attack Type]
Context-dependent

------------------------------------------

[Impact Code execution]
true

------------------------------------------

[Impact Escalation of Privileges]
true

------------------------------------------

[Attack Vectors]
Default JMX Username/Password are being used while JMX is enabled by default.

------------------------------------------

[Has vendor confirmed or acknowledged the vulnerability?]
true