CVE-2018-7047

{"id": "CVE-2018-7047", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2018-03-01T21:29:00.407", "references": [{"url": "https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/main/wowza-streaming-engine/CVE-2018-7047.txt", "source": "cve@mitre.org"}, {"url": "https://www.wowza.com/docs/wowza-streaming-engine-4-7-1-release-notes", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/main/wowza-streaming-engine/CVE-2018-7047.txt", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.wowza.com/docs/wowza-streaming-engine-4-7-1-release-notes", "tags": ["Release Notes", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the MBeans Server in Wowza Streaming Engine before 4.7.1. The file system may be read and written to via JMX using the default JMX credentials (remote code execution may be possible as well)."}, {"lang": "es", "value": "Se ha descubierto un problema en MBeans Server en Wowza Streaming Engine, en versiones anteriores a la 4.7.1. El sistema de archivos podr\u00eda leerse y escribirse mediante JMX empleando las credenciales JMX por defecto (tambi\u00e9n podr\u00eda ser posible la ejecuci\u00f3n remota de c\u00f3digo)."}], "lastModified": "2024-11-21T04:11:33.457", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wowza:streaming_engine:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD1497CC-FD76-42D7-9947-8B9621EC31A9", "versionEndExcluding": "4.7.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}