Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rws worldserver vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-34268
An issue exists in RWS WorldServer prior to 11.7.3. /clientLogin deserializes Java objects without authentication, leading to command execution on the host.
Rws Worldserver
NA
CVE-2022-34267
An issue exists in RWS WorldServer prior to 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint.
Rws Worldserver
NA
CVE-2023-38357
Session tokens in RWS WorldServer 11.7.3 and previous versions have a low entropy and can be enumerated, leading to unauthorized access to user sessions.
Rws Worldserver
NA
CVE-2022-34270
An issue exists in RWS WorldServer prior to 11.7.3. Regular users can create users with the Administrator role via UserWSUserManager.
NA
CVE-2022-34269
An issue exists in RWS WorldServer prior to 11.7.3. An authenticated, remote attacker can perform a ws-legacy/load_dtd?system_id= blind SSRF attack to deploy JSP code to the Apache Axis service running on the localhost interface, leading to command execution.
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started