Vulnerability Details CVE-2022-34269
An issue was discovered in RWS WorldServer before 11.7.3. An authenticated, remote attacker can perform a ws-legacy/load_dtd?system_id= blind SSRF attack to deploy JSP code to the Apache Axis service running on the localhost interface, leading to command execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.048
EPSS Ranking 89.0%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2022-34269
-
cpe:2.3:a:rws:worldserver:-