CVE-2022-34268

An issue was discovered in RWS WorldServer before 11.7.3. /clientLogin deserializes Java objects without authentication, leading to command execution on the host.
Configurations

Configuration 1 (hide)

cpe:2.3:a:rws:worldserver:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:09

Type Values Removed Values Added
References () https://www.rws.com/localization/products/trados-enterprise/worldserver/ - Product () https://www.rws.com/localization/products/trados-enterprise/worldserver/ - Product
References () https://www.triskelelabs.com/vulnerabilities-in-rws-worldserver - Exploit, Third Party Advisory () https://www.triskelelabs.com/vulnerabilities-in-rws-worldserver - Exploit, Third Party Advisory

03 Jan 2024, 23:10

Type Values Removed Values Added
References () https://www.rws.com/localization/products/trados-enterprise/worldserver/ - () https://www.rws.com/localization/products/trados-enterprise/worldserver/ - Product
References () https://www.triskelelabs.com/vulnerabilities-in-rws-worldserver - () https://www.triskelelabs.com/vulnerabilities-in-rws-worldserver - Exploit, Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CPE cpe:2.3:a:rws:worldserver:*:*:*:*:*:*:*:*
First Time Rws worldserver
Rws
CWE CWE-502

25 Dec 2023, 08:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-25 08:15

Updated : 2024-11-21 07:09


NVD link : CVE-2022-34268

Mitre link : CVE-2022-34268

CVE.ORG link : CVE-2022-34268


JSON object : View

Products Affected

rws

  • worldserver
CWE
CWE-502

Deserialization of Untrusted Data