📦 Worldserver

Name: Worldserver
Author: Rws

by Rws

🔍 What is Worldserver?

Description coming soon...

🛡️ Security Overview

Click on a severity to filter vulnerabilities

⚠️ Known Vulnerabilities

CVE-2022-34270

CRITICAL CVSS 9.8 Feb 29, 2024

In RWS WorldServer versions before 11.7.3, regular authenticated users can create new user accounts with Administrator privileges through the UserWSUserManager component. This privilege escalation vul...

CVE-2022-34267

CRITICAL CVSS 9.8 Dec 25, 2023

CVE-2022-34267 is an authentication bypass vulnerability in RWS WorldServer that allows unauthenticated attackers to upload and execute arbitrary Java code. By adding a specific token parameter (value...

CVE-2022-34269

HIGH CVSS 8.8 Feb 29, 2024

This vulnerability allows authenticated attackers to perform blind Server-Side Request Forgery (SSRF) attacks against RWS WorldServer, enabling them to deploy JSP code to the Apache Axis service on lo...

CVE-2024-50849

MEDIUM CVSS 4.8 Nov 18, 2024

A stored cross-site scripting vulnerability in WorldServer's Rules functionality allows authenticated attackers to inject malicious JavaScript that executes when other users view affected rules. This ...