Vivoh Webinar Manager before 3.6.3.0 has improper API authentication. When a user logs in to the administration configuration web portlet, a VIVOH_AUTH cookie is assigned so that they can be uniquely identified. Certain APIs can be successfully executed without proper authentication. This can let an attacker impersonate as victim and make state changing requests on their behalf.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2022-03-30T21:38:55
Updated: 2024-08-04T04:54:31.145Z
Reserved: 2021-12-27T00:00:00
Link: CVE-2021-45900
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-03-30T22:15:08.447
Modified: 2024-11-21T06:33:13.950
Link: CVE-2021-45900
Redhat
No data.