This page lists publicly disclosed CVE vulnerabilities affecting rws worldserver (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-50849 | A Stored Cross-Site Scripting (XSS) vulnerability in the "Rules" functionality of WorldServer v11.8.2 allows a remote authenticated attacker to execute arbitrary JavaScript code. | [email protected] | 4.8 | 0.48% | 2024-11-18 | 2025-10-20 |
| CVE-2024-50848 | An XML External Entity (XXE) vulnerability in the Import object and Translation Memory import functionalities of WorldServer v11.8.2 to access sensitive information and execute arbitrary commands via supplying a crafted .tmx file. | [email protected] | 6.5 | 1.15% | 2024-11-18 | 2025-10-20 |
| CVE-2022-34270 | An issue was discovered in RWS WorldServer before 11.7.3. Regular users can create users with the Administrator role via UserWSUserManager. | [email protected] | 9.8 | 0.89% | 2024-02-29 | 2025-04-16 |
| CVE-2022-34269 | An issue was discovered in RWS WorldServer before 11.7.3. An authenticated, remote attacker can perform a ws-legacy/load_dtd?system_id= blind SSRF attack to deploy JSP code to the Apache Axis service running on the localhost interface, leading to command execution. | [email protected] | 8.8 | 1.71% | 2024-02-29 | 2025-04-16 |
| CVE-2022-34268 | An issue was discovered in RWS WorldServer before 11.7.3. /clientLogin deserializes Java objects without authentication, leading to command execution on the host. | [email protected] | 9.8 | 1.46% | 2023-12-25 | 2024-11-21 |
| CVE-2022-34267 | An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint. | [email protected] | 9.8 | 42.16% | 2023-12-25 | 2024-11-21 |
| CVE-2023-38357 | Session tokens in RWS WorldServer 11.7.3 and earlier have a low entropy and can be enumerated, leading to unauthorized access to user sessions. | [email protected] | 5.3 | 3.12% | 2023-08-01 | 2024-11-21 |