[As of April 20th, 2022]
We have tested with the recommended method to determine the vulnerability impact on Wowza Streaming Engine. At this time, we have determined that neither of the CVEs listed below impacts Wowza Streaming Engine. This is great news!
- CVE-2022-22963 (regarding Spring Cloud - not used by Wowza Streaming Engine)
- CVE-2022-22965
- CVE-2022-22950
As a best practice, we will be updating the vulnerable version of Spring Framework (5.2.7). This update will be included in the next Wowza Streaming Engine release (4.8.19) in Q2 2022.
In the meantime, we will continue to monitor updates to these CVEs and any related impacts to ensure that we are fully mitigating the known vulnerabilities.
Mitigation Options
There are no mitigation options available at this time.