PT-2024-34443 · Unknown · Worldserver

Nikita Hrab · Published 2024-11-18 · Updated 2025-10-20 · CVE-2024-50848

CVSS v3.1: 6.5 Medium
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: WorldServer version 11.8.2
Description: An XML External Entity (XXE) vulnerability exists in the Import object and Translation Memory import functionalities. It can be exploited by supplying a crafted .tmx file, allowing access to sensitive information and execution of arbitrary commands.
Recommendations: For WorldServer version 11.8.2, consider disabling the Import object and Translation Memory import functionalities until a patch is available to prevent exploitation of the XXE vulnerability. Restrict access to these functionalities to minimize the risk of sensitive information disclosure and arbitrary command execution.

Related Identifiers: CVE-2024-50848
Affected Products: Worldserver