Vulmon
RWS WorldServer vulnerabilities and exploits
5.3
CVSSv3
CVE-2023-38357
Session tokens in RWS WorldServer 11.7.3 and previous versions have low entropy and can be enumerated, leading to unauthorized access to user sessions.
RWS WorldServer
9.8
CVSSv3
CVE-2022-34267
An issue exists in RWS WorldServer prior to 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint.
RWS WorldServer
9.8
CVSSv3
CVE-2022-34268
An issue exists in RWS WorldServer prior to 11.7.3. /clientLogin deserializes Java objects without authentication, leading to command execution on the host.
RWS WorldServer
NA
CVE-2022-34270
An issue exists in RWS WorldServer prior to 11.7.3. Regular users can create users with the Administrator role via UserWSUserManager.
NA
CVE-2022-34269
An issue exists in RWS WorldServer prior to 11.7.3. An authenticated, remote attacker can perform a ws-legacy/load_dtd?system_id= blind SSRF attack to deploy JSP code to the Apache Axis service running on the localhost interface, leading to command execution.