An issue exists in RWS WorldServer prior to 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint.
Vulnerable Product |
---|
rws worldserver |
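
For defenders reviewing web access logs from an affected WorldServer host, the sketch below flags the two indicators the description names: a `token` parameter equal to `02`, and uploads to `ws-api/v2/customizations/api`. It is an added example, not vendor or Vulmon code. It assumes a common/combined log format, that the parameter appears in the query string, and that uploads use POST or PUT; the sample lines, IP addresses and the `/example/page` path are constructed.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Request portion of a common/combined-format access log line (assumed layout).
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                     r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

UPLOAD_PATH = "ws-api/v2/customizations/api"  # endpoint named in the description
BYPASS_TOKEN = "02"                           # token value named in the description

def classify(line):
    """Return (ip, findings) for one access-log line, or None if unparsable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    params = parse_qs(url.query, keep_blank_values=True)  # also percent-decodes
    findings = []
    if BYPASS_TOKEN in params.get("token", []):  # exact match, not substring
        findings.append("token=02")
    if UPLOAD_PATH in url.path.lower() and m["method"] in ("POST", "PUT"):
        findings.append("customization-upload")
    if findings and m["status"].startswith("2"):
        findings.append("succeeded")  # server answered 2xx: treat as priority
    return m["ip"], findings

def scan(lines):
    """Group findings per source IP, keeping only lines with at least one hit."""
    hits = {}
    for line in lines:
        result = classify(line)
        if result and result[1]:
            hits.setdefault(result[0], []).append(result[1])
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /example/page?token=02 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "POST /ws-api/v2/customizations/api?token=02 HTTP/1.1" 201 64',
    '203.0.113.9 - - [01/Jan/2024:10:01:00 +0000] "GET /example/page?token=1693fa02 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:02:00 +0000] "POST /ws-api/v2/customizations/api?token=02 HTTP/1.1" 401 0',
]

if __name__ == "__main__":
    for ip, found in scan(SAMPLE).items():
        print(ip, found)
```

Access logs normally record only the request line, so a `token` sent in a request body would not be seen by this check; a 2xx response to an upload on a host running a version prior to 11.7.3 warrants reviewing the installed customizations.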