Ensemble Software / Wowza Software and the CVE-2021-44228 vulnerability

Follow

For Ensemble Video self-hosted customers, your Wowza software may be affected by the Apache Log4j2 vulnerability (CVE-2021-44228).

According to the Wowza statement released on their website,
Wowza Streaming Engine 4.8.8.01 and newer uses a version of Apache Log4j2 with a security vulnerability (CVE-2021-44228)

  • Customers on Wowza Streaming Engine 4.8.5.05 and below are not impacted by this vulnerability.

           To find your Wowza version, enter your Wowza URL into a browser.

                         Example:     wowza.ensemblevideo.com

                  You should see an output similar to this:  

                         Wowza Streaming Engine 4 Subscription Edition 4.8.5.05 build20201006161917

Reference can be found here:
https://www.wowza.com/docs/known-issues-with-wowza-streaming-engine

If you need to install the update/patch, instructions for Windows install are on the above URL, or the shortcut is here:

https://www.wowza.com/docs/update-for-apache-log4j2-security-vulnerability#update-on-windows1

2 out of 2 found this helpful