Vulmon
RWS WorldServer vulnerabilities and exploits
9.8
CVSSv3
CVE-2022-34267
An issue exists in RWS WorldServer prior to 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint.
Rws Worldserver
9.8
CVSSv3
CVE-2022-34268
An issue exists in RWS WorldServer prior to 11.7.3. /clientLogin deserializes Java objects without authentication, leading to command execution on the host.
Rws Worldserver
5.3
CVSSv3
CVE-2023-38357
Session tokens in RWS WorldServer 11.7.3 and previous versions have a low entropy and can be enumerated, leading to unauthorized access to user sessions.
Rws Worldserver
NA
CVE-2022-34270
An issue exists in RWS WorldServer prior to 11.7.3. Regular users can create users with the Administrator role via UserWSUserManager.
NA
CVE-2022-34269
An issue exists in RWS WorldServer prior to 11.7.3. An authenticated, remote attacker can perform a ws-legacy/load_dtd?system_id= blind SSRF attack to deploy JSP code to the Apache Axis service running on the localhost interface, leading to command execution.