Rws Worldserver
By the Year
In 2026 there have been 0 vulnerabilities in Rws Worldserver. Worldserver did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 4 | 5.65 |
| 2023 | 3 | 8.30 |
It may take a day or so for new Worldserver vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Rws Worldserver Security Vulnerabilities
WorldServer v11.8.2 XSS in Rules module Remote Authenticated Exec JS
CVE-2024-50849
4.8 - Medium
- November 18, 2024
A Stored Cross-Site Scripting (XSS) vulnerability in the "Rules" functionality of WorldServer v11.8.2 allows a remote authenticated attacker to execute arbitrary JavaScript code.
XSS
XXE in WorldServer v11.8.2 Import & TM Import
CVE-2024-50848
6.5 - Medium
- November 18, 2024
An XML External Entity (XXE) vulnerability in the Import object and Translation Memory import functionalities of WorldServer v11.8.2 allows an attacker to access sensitive information and execute arbitrary commands by supplying a crafted .tmx file.
XXE
RWS WorldServer <11.7.3: Priv Escal via UserWSUserManager
CVE-2022-34270
- February 29, 2024
An issue was discovered in RWS WorldServer before 11.7.3. Regular users can create users with the Administrator role via UserWSUserManager.
RWS WorldServer <11.7.3 SSRF via ws-legacy/load_dtd?system_id JSP Exec
CVE-2022-34269
- February 29, 2024
An issue was discovered in RWS WorldServer before 11.7.3. An authenticated, remote attacker can perform a ws-legacy/load_dtd?system_id= blind SSRF attack to deploy JSP code to the Apache Axis service running on the localhost interface, leading to command execution.
RWS WorldServer <11.7.3: /clientLogin Deserialization Enables Host Command Exec
CVE-2022-34268
9.8 - Critical
- December 25, 2023
An issue was discovered in RWS WorldServer before 11.7.3. /clientLogin deserializes Java objects without authentication, leading to command execution on the host.
Marshaling, Unmarshaling
RWS WorldServer <11.7.3 Token=02 Auth Bypass + Remote JAR Upload
CVE-2022-34267
9.8 - Critical
- December 25, 2023
An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint.
Authentication
Low-entropy Session Tokens in RWS WorldServer < 11.7.3 Allow Session Enumeration
CVE-2023-38357
5.3 - Medium
- August 01, 2023
Session tokens in RWS WorldServer 11.7.3 and earlier have low entropy and can be enumerated, leading to unauthorized access to user sessions.
Insufficient Entropy