CVE-2022-34267

CRITICAL

CVSS v3

9.8

CRITICAL

EPSS Score

73.9%

exploit probability

CISA KEV

No

known exploited

Exploitation

SSVC status

Description

An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint.

Technical Details

Published
12/25/2023

Frequently Asked Questions

What is CVE-2022-34267?

An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint.

Is CVE-2022-34267 actively exploited?

Active exploitation of CVE-2022-34267 has not been confirmed. The EPSS score is 73.9%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2022-34267?

CVE-2022-34267 has a CVSS v3 base score of 9.8 (CRITICAL severity).

Is CVE-2022-34267 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.