CVE-2024-50848
Published: 18 November 2024
Summary
CVE-2024-50848 is a medium-severity Improper Restriction of XML External Entity Reference (CWE-611) vulnerability in RWS WorldServer. Its CVSS base score is 6.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique File and Directory Discovery (T1083). The CVE ranks in the top 7.8% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2024-50848 is an XML External Entity (XXE) vulnerability, tracked as CWE-611, that affects the Import object and Translation Memory import functionalities in WorldServer version 11.8.2. The flaw allows an attacker to access sensitive information and execute arbitrary commands by supplying a crafted .tmx file during import operations. It carries a CVSS 3.1 score of 6.5, reflecting a network attack vector, low complexity, no required privileges, and required user interaction.
An unauthenticated attacker can exploit the issue remotely by delivering the malicious .tmx file to a WorldServer instance, resulting in disclosure of sensitive data with high confidentiality impact while integrity and availability remain unaffected.
Public references include proof-of-concept repositories demonstrating the attack and the vendor product page for WorldServer; no official advisory or patch details are provided in the available sources. The associated EPSS score has remained low, with a peak of 0.0910 and a current value of 0.0785.
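With no patch details in the available sources, one compensating check is to screen .tmx files for the DTD constructs that XXE depends on before they reach the import function. The block below is an added example, not code from RWS or from the referenced repositories; the function name, the constructed sample files and the policy of refusing any entity declaration are assumptions.

```python
import xml.parsers.expat as expat

def screen_tmx(data: bytes) -> list[str]:
    """Return reasons to refuse a .tmx upload; an empty list means none found."""
    findings = []
    parser = expat.ParserCreate()
    # Never load the external DTD subset or external parameter entities.
    # No ExternalEntityRefHandler is installed, so nothing is ever fetched.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # A bare <!DOCTYPE tmx SYSTEM "tmx14.dtd"> is common in real TMX files,
        # so only an internal subset (where entities get declared) is flagged.
        if has_internal_subset:
            findings.append(f"DOCTYPE {name!r} carries an internal subset")

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        kind = "parameter" if is_param else "general"
        if system_id is not None or public_id is not None:
            findings.append(f"external {kind} entity {name!r} -> {system_id!r}")
        else:
            findings.append(f"internal {kind} entity {name!r}")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    try:
        parser.Parse(data, True)
    except expat.ExpatError as exc:
        findings.append(f"not well-formed XML: {exc}")
    return findings

# Constructed samples (not taken from any real import or proof of concept).
CLEAN_TMX = (b'<?xml version="1.0" encoding="UTF-8"?>\n'
             b'<!DOCTYPE tmx SYSTEM "tmx14.dtd">\n'
             b'<tmx version="1.4"><header/><body/></tmx>')
# Declares an external entity; the system identifier is a placeholder path.
SUSPECT_TMX = (b'<?xml version="1.0" encoding="UTF-8"?>\n'
               b'<!DOCTYPE tmx [\n'
               b'  <!ENTITY probe SYSTEM "file:///constructed/placeholder.txt">\n'
               b']>\n'
               b'<tmx version="1.4"><header/><body/></tmx>')

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_TMX), ("suspect", SUSPECT_TMX)):
        reasons = screen_tmx(sample)
        print(label, "->", "refuse: " + "; ".join(reasons) if reasons else "accept")
```

A file with findings should be quarantined for review rather than imported; the screen reduces exposure at the upload boundary and does not change how WorldServer itself parses XML.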
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-45025
Vulnerability details
An XML External Entity (XXE) vulnerability in the Import object and Translation Memory import functionalities of WorldServer v11.8.2 allows attackers to access sensitive information and execute arbitrary commands by supplying a crafted .tmx file.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The XXE vulnerability enables arbitrary file and directory reads (T1083: File and Directory Discovery) via crafted .tmx file parsing and facilitates arbitrary command execution (T1059: Command and Scripting Interpreter).
Affected Assets
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.