Vulmon
RWS WorldServer vulnerabilities and exploits
9.8
CVSSv3
CVE-2022-34267
An issue exists in RWS WorldServer prior to 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint.
Rws Worldserver
9.8
CVSSv3
CVE-2022-34268
An issue exists in RWS WorldServer prior to 11.7.3. /clientLogin deserializes Java objects without authentication, leading to command execution on the host.
Rws Worldserver
5.3
CVSSv3
CVE-2023-38357
Session tokens in RWS WorldServer 11.7.3 and previous versions have low entropy and can be enumerated, leading to unauthorized access to user sessions.
Rws Worldserver
NA
CVE-2022-34269
An issue exists in RWS WorldServer prior to 11.7.3. An authenticated, remote attacker can perform a ws-legacy/load_dtd?system_id= blind SSRF attack to deploy JSP code to the Apache Axis service running on the localhost interface, leading to command execution.
NA
CVE-2022-34270
An issue exists in RWS WorldServer prior to 11.7.3. Regular users can create users with the Administrator role via UserWSUserManager.