An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint.
View the template here CVE-2022-34267.yaml
References:
https://nvd.nist.gov/vuln/detail/CVE-2022-34267