An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint.
References
Link | Resource |
---|---|
https://www.rws.com/localization/products/trados-enterprise/worldserver/ | Product |
https://www.triskelelabs.com/vulnerabilities-in-rws-worldserver | Exploit Third Party Advisory |
Configurations
History
04 Jan 2024, 01:19
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.triskelelabs.com/vulnerabilities-in-rws-worldserver - Exploit, Third Party Advisory | |
References | () https://www.rws.com/localization/products/trados-enterprise/worldserver/ - Product | |
CPE | cpe:2.3:a:rws:worldserver:*:*:*:*:*:*:*:* | |
CWE | CWE-287 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
25 Dec 2023, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-25 08:15
Updated : 2024-02-05 00:22
NVD link : CVE-2022-34267
Mitre link : CVE-2022-34267
CVE.ORG link : CVE-2022-34267
JSON object : View
Products Affected
rws
- worldserver
CWE
CWE-287
Improper Authentication