CVE-2024-50848

Published: Nov 18, 2024Modified: Oct 20, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An XML External Entity (XXE) vulnerability in the Import object and Translation Memory import functionalities of WorldServer v11.8.2 to access sensitive information and execute arbitrary commands via supplying a crafted .tmx file.

Affected (1)

Products: Rws: Worldserver

Rws

1 product

Worldserver

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Rws Worldserver	Version 11.8.2

Related CWEs

CWE-611

Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (3)

https://github.com/1mhr4b/CVE-2024-50848

Source: cve@mitre.org

https://github.com/Wh1teSnak3/CVE-2024-50848

Source: cve@mitre.org

Third Party Advisory

https://www.trados.com/product/worldserver/

Source: cve@mitre.org

Product

Timeline

No history available yet.