Login Sign Up

CVE-2022-34269

8.8 HIGH
Remote Code Execution SSRF

📋 TL;DR

This vulnerability allows authenticated attackers to perform blind Server-Side Request Forgery (SSRF) attacks against RWS WorldServer, enabling them to deploy JSP code to the Apache Axis service on localhost and achieve remote command execution. It affects organizations running vulnerable versions of RWS WorldServer before 11.7.3. Attackers need valid credentials to exploit this vulnerability.

💻 Affected Systems

Products:
  • RWS WorldServer
Versions: All versions before 11.7.3
Operating Systems: Any OS running WorldServer
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WorldServer installation with Apache Axis service running on localhost interface.

📦 What is this software?

Worldserver by Rws

View all CVEs affecting Worldserver →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise allowing attackers to execute arbitrary commands with the privileges of the WorldServer service, potentially leading to data theft, lateral movement, or complete system takeover.

🟠

Likely Case

Unauthorized command execution on the WorldServer host, enabling data exfiltration, installation of backdoors, or disruption of localization services.

🟢

If Mitigated

Limited impact due to network segmentation, strong authentication controls, and monitoring preventing successful exploitation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but uses straightforward SSRF techniques to achieve RCE.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 11.7.3

Vendor Advisory: https://www.rws.com/localization/products/trados-enterprise/worldserver/

Restart Required: Yes

Instructions:

1. Download WorldServer 11.7.3 or later from RWS support portal. 2. Backup current installation and data. 3. Run the upgrade installer following RWS documentation. 4. Restart WorldServer services.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict network access to WorldServer and isolate it from sensitive systems.

Authentication Hardening

all

Implement strong authentication controls and monitor for suspicious login attempts.

🧯 If You Can't Patch

  • Implement strict network access controls to limit WorldServer exposure
  • Monitor for suspicious requests to ws-legacy/load_dtd endpoints

🔍 How to Verify

Check if Vulnerable:

Check WorldServer version via admin interface or configuration files. Versions below 11.7.3 are vulnerable.

Check Version:

Check WorldServer admin dashboard or consult installation documentation for version information.

Verify Fix Applied:

Confirm version is 11.7.3 or higher and test that ws-legacy/load_dtd endpoint no longer accepts malicious system_id parameters.

📡 Detection & Monitoring

Log Indicators:

  • Unusual requests to ws-legacy/load_dtd endpoints
  • Suspicious JSP file deployment
  • Unexpected Apache Axis service activity

Network Indicators:

  • HTTP requests with SSRF payloads to WorldServer
  • Outbound connections from WorldServer to internal services

SIEM Query:

source="worldserver" AND (uri="*ws-legacy/load_dtd*" OR process="axis")

📊 Metadata

CVE ID: CVE-2022-34269
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-918
Published: February 29, 2024
Last Updated: April 16, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-34269, you might also want to check these:

CVE-2023-3432 10.0

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in PlantUML versions prior to ...

Same vulnerability type (CWE-918)
CVE-2025-2828 10.0

This Server-Side Request Forgery (SSRF) vulnerability in langchain-community's RequestsToolkit allow...

Same vulnerability type (CWE-918)
CVE-2023-43654 10.0

TorchServe versions 0.1.0 to 0.8.1 have a critical vulnerability where the default configuration lac...

Same vulnerability type (CWE-918)