CVE-2022-34268

An issue was discovered in RWS WorldServer before 11.7.3. /clientLogin deserializes Java objects without authentication, leading to command execution on the host.
Configurations

Configuration 1 (hide)

cpe:2.3:a:rws:worldserver:*:*:*:*:*:*:*:*

History

03 Jan 2024, 23:10

Type Values Removed Values Added
CWE CWE-502
First Time Rws worldserver
Rws
References () https://www.rws.com/localization/products/trados-enterprise/worldserver/ - () https://www.rws.com/localization/products/trados-enterprise/worldserver/ - Product
References () https://www.triskelelabs.com/vulnerabilities-in-rws-worldserver - () https://www.triskelelabs.com/vulnerabilities-in-rws-worldserver - Exploit, Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CPE cpe:2.3:a:rws:worldserver:*:*:*:*:*:*:*:*

25 Dec 2023, 08:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-25 08:15

Updated : 2024-09-09 20:35


NVD link : CVE-2022-34268

Mitre link : CVE-2022-34268

CVE.ORG link : CVE-2022-34268


JSON object : View

Products Affected

rws

  • worldserver
CWE
CWE-502

Deserialization of Untrusted Data