An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2023-12-25T00:00:00
Updated: 2024-08-03T09:07:16.289Z
Reserved: 2022-06-22T00:00:00
Link: CVE-2022-34267
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-12-25T08:15:07.200
Modified: 2024-11-21T07:09:11.063
Link: CVE-2022-34267
Redhat
No data.