PT-2023-13353 · Rws · Rws Worldserver

Brecht Snijders

Publicado

2023-12-25

Atualizado

2024-09-09

CVE-2022-34268

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions RWS WorldServer versions prior to 11.7.3

Description An issue was discovered in RWS WorldServer where the /clientLogin endpoint deserializes Java objects without authentication, leading to command execution on the host.

Recommendations For versions prior to 11.7.3, update to version 11.7.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the /clientLogin endpoint until a patch is available.

Exploit

Correção

Deserialization of Untrusted Data

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-502

Identificadores relacionados

CVE-2022-34268

Produtos afetados

Rws Worldserver

PT-2023-13353 · Rws · Rws Worldserver

CVE-2022-34268

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7