Vulnerability Details CVE-2022-34267
An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.739
EPSS Ranking 98.8%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2022-34267
-
cpe:2.3:a:rws:worldserver:-