Exploit for RWS WorldServer - Authentication Bypass (CVE-2022-34267)

Description:

An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint.
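A log-review check for the behaviour described above, as an added example (not part of the original page or the Nuclei template). It assumes the token parameter appears in the query string and that access logs use the common/combined format; the sample lines, their non-upload paths and the severity labels are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: common/combined access-log format from the proxy or servlet container.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
UPLOAD_PATH = "ws-api/v2/customizations/api"  # endpoint named in the CVE description
BYPASS_VALUE = "02"                           # token value named in the CVE description

# Constructed sample log lines (documentation IP ranges, placeholder paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Jul/2022:10:01:02 +0000] "GET /example/login?token=1657620062 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [12/Jul/2022:10:03:40 +0000] "GET /ws-api/v2/example-resource?token=02 HTTP/1.1" 200 812',
    '198.51.100.7 - - [12/Jul/2022:10:03:55 +0000] "POST /ws-api/v2/customizations/api?token=%30%32 HTTP/1.1" 201 64',
    '203.0.113.5 - - [12/Jul/2022:10:09:13 +0000] "GET /ws-api/v2/example-resource?token=02 HTTP/1.1" 401 0',
]

def classify(line):
    """Return a finding dict for a request carrying token=02, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    # parse_qs percent-decodes values, so token=%30%32 is also caught.
    tokens = parse_qs(url.query, keep_blank_values=True).get("token", [])
    if BYPASS_VALUE not in tokens:
        return None
    on_upload = unquote(url.path).rstrip("/").endswith(UPLOAD_PATH)
    succeeded = m["status"].startswith("2")
    if on_upload and m["method"] in ("POST", "PUT"):
        # Bypass token used against the .jar customization endpoint.
        severity = "critical" if succeeded else "high"
    else:
        # Bypass token used elsewhere: accepted (2xx) or rejected.
        severity = "high" if succeeded else "medium"
    return {"ip": m["ip"], "time": m["ts"], "method": m["method"],
            "path": url.path, "status": int(m["status"]), "severity": severity}

def scan(lines):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, lines) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A rejected request (the 401 line) on an instance running 11.7.3 or later still indicates probing and is worth correlating by source address.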

Nuclei Template

View the template here: CVE-2022-34267.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-34267.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2022-34267
https://www.rws.com/localization/products/trados-enterprise/worldserver/
https://github.com/tanjiti/sec_profile
https://www.triskelelabs.com/vulnerabilities-in-rws-worldserver