An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-12-25T00:00:00

Updated: 2024-08-03T09:07:16.289Z

Reserved: 2022-06-22T00:00:00

Link: CVE-2022-34267

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-12-25T08:15:07.200

Modified: 2024-11-21T07:09:11.063

Link: CVE-2022-34267

cve-icon Redhat

No data.