RWS WorldServer <11.7.3 Token=02 Auth Bypass + Remote JAR Upload
CVE-2022-34267 Published on December 25, 2023

An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint.

NVD

Products Associated with CVE-2022-34267

Want to know whenever a new CVE is published for Rws Worldserver? stack.watch will email you.

Rws Worldserver

Exploit Probability

EPSS

78.81%

Percentile

99.07%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

RWS WorldServer <11.7.3 Token=02 Auth Bypass + Remote JAR UploadCVE-2022-34267 Published on December 25, 2023

Products Associated with CVE-2022-34267

Exploit Probability

RWS WorldServer <11.7.3 Token=02 Auth Bypass + Remote JAR Upload
CVE-2022-34267 Published on December 25, 2023