Vulnerability Description
Vivoh Webinar Manager before 3.6.3.0 has improper API authentication. When a user logs in to the administration configuration web portlet, a VIVOH_AUTH cookie is assigned so that they can be uniquely identified. Certain APIs can be successfully executed without proper authentication. This can let an attacker impersonate as victim and make state changing requests on their behalf.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vivoh | Webinar Manager | < 3.6.3.0 |
Related Weaknesses (CWE)
References
- https://vivoh.com/blog/finra-remediation/ExploitVendor Advisory
- https://vivoh.com/wp-content/uploads/2021/11/Vivoh-Webinar-Manager-for-Zoom-InstBroken Link
- https://vivoh.com/blog/finra-remediation/ExploitVendor Advisory
- https://vivoh.com/wp-content/uploads/2021/11/Vivoh-Webinar-Manager-for-Zoom-InstBroken Link
FAQ
What is CVE-2021-45900?
CVE-2021-45900 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Vivoh Webinar Manager before 3.6.3.0 has improper API authentication. When a user logs in to the administration configuration web portlet, a VIVOH_AUTH cookie is assigned so that they can be uniquely ...
How severe is CVE-2021-45900?
CVE-2021-45900 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-45900?
Check the references section above for vendor advisories and patch information. Affected products include: Vivoh Webinar Manager.