CVE-2022-34267

An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint.
Configurations

Configuration 1 (hide)

cpe:2.3:a:rws:worldserver:*:*:*:*:*:*:*:*

History

04 Jan 2024, 01:19

Type Values Removed Values Added
References () https://www.triskelelabs.com/vulnerabilities-in-rws-worldserver - () https://www.triskelelabs.com/vulnerabilities-in-rws-worldserver - Exploit, Third Party Advisory
References () https://www.rws.com/localization/products/trados-enterprise/worldserver/ - () https://www.rws.com/localization/products/trados-enterprise/worldserver/ - Product
CPE cpe:2.3:a:rws:worldserver:*:*:*:*:*:*:*:*
CWE CWE-287
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8

25 Dec 2023, 08:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-25 08:15

Updated : 2024-02-05 00:22


NVD link : CVE-2022-34267

Mitre link : CVE-2022-34267

CVE.ORG link : CVE-2022-34267


JSON object : View

Products Affected

rws

  • worldserver
CWE
CWE-287

Improper Authentication