Lucene search
K
RwsWorldserver

7 matches found

CVE
CVE
added 2023/12/25 12:0 a.m.100 views

CVE-2022-34267

Summary: RWS WorldServer before 11.7.3 contains an authentication bypass. By adding a token parameter with value 02, an attacker can bypass all auth requirements and upload/execute arbitrary Java code via a .jar archive at the ws-api/v2/customizations/api endpoint. Impact: unauthenticated code ex...

9.8CVSS9.4AI score0.42162EPSS
Web
CVE
CVE
added 2023/08/01 12:0 a.m.78 views

CVE-2023-38357

CVE-2023-38357 affects RWS WorldServer up to version 11.7.3, where session tokens have low entropy and can be enumerated, potentially granting unauthorized access to user sessions. Affected component is the session handling/token generation. The exploitation involves token enumeration leading to ...

5.3CVSS5.1AI score0.03122EPSS
CVE
CVE
added 2024/11/18 12:0 a.m.71 views

CVE-2024-50849

The CVE-2024-50849 entry concerns WorldServer v11.8.2 where a Stored Cross-Site Scripting (XSS) vulnerability exists in the Rules functionality. The issue allows a remote authenticated attacker to execute arbitrary JavaScript code. Several connected sources corroborate the affected product/versio...

4.8CVSS4.8AI score0.00484EPSS
CVE
CVE
added 2024/11/18 12:0 a.m.66 views

CVE-2024-50848

CVE-2024-50848 : Multiple sources confirm an XML External Entity (XXE) vulnerability in the WorldServer v11.8.2 Import object and Translation Memory import features, exploitable by supplying a crafted .tmx file. Affected component: WorldServer 11.8.2; root cause: XXE allowing access to sensitive ...

6.5CVSS7.3AI score0.01154EPSS
CVE
CVE
added 2023/12/25 12:0 a.m.38 views

CVE-2022-34268

CVE-2022-34268 : RWS WorldServer prior to 11.7.3 contains an insecure deserialization flaw in the /clientLogin endpoint, allowing deserialized Java objects without authentication and resulting in command execution on the host. Affected products/versions: RWS WorldServer before 11.7.3. Impact: hig...

9.8CVSS9.5AI score0.01455EPSS
CVE
CVE
added 2023/12/25 12:0 a.m.36 views

CVE-2022-34270

CVE-2022-34270 affects RWS WorldServer prior to 11.7.3. The issue allows a regular user to create other users with the Administrator role via UserWSUserManager, enabling unauthorized privilege escalation. Impact is documented as administrator-level access for an attacker with standard credentials...

9.8CVSS6.8AI score0.00887EPSS
CVE
CVE
added 2023/12/25 12:0 a.m.28 views

CVE-2022-34269

CVE-2022-34269 affects RWS WorldServer versions prior to 11.7.3. An authenticated, remote attacker can trigger a blind SSRF via the endpoint ws-legacy/load_dtd?system_id=, causing JSP code deployment to the Apache Axis service on localhost and resulting in command execution. Documented impact is ...

8.8CVSS7.2AI score0.01712EPSS
Web