Wowza Streaming Engine v.<= 4.8.16+1 (build 20211129092949) is vulnerable to the Log4j JNDI injection, affecting the ‘
j_username‘ username field, in the login page as well as other HTTP headers. Attackers exploiting this issue will be able to achieve remote code execution (RCE) in the context of the
NT AUTHORITY\SYSTEM Windows user managing the service.
All vendors affected by the Log4j vulnerability must use the CVE-2021-44228 when referring to this vulnerability in their own products.
At present, MITRE does not offer an option for a vendor to associate its own unique CVE ID with this same underlying vulnerability.