CVE-2022-34267

Name of the Vulnerable Software and Affected Versions RWS WorldServer versions prior to 11.7.3

Description An issue was discovered in RWS WorldServer where adding a token parameter with the value of 02 bypasses all authentication requirements. This allows arbitrary Java code to be uploaded and executed via a .jar archive to the "ws-api/v2/customizations/api" endpoint.

Recommendations For versions prior to 11.7.3, update to version 11.7.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the "ws-api/v2/customizations/api" endpoint until a patch is available. Avoid using the token parameter with the value of 02 in the affected API endpoint until the issue is resolved.