CVE-2024-47579 MEDIUM

CVE-2024-47579: Multiple vulnerabilities in SAP NetWeaver AS for JAVA(Adobe Document Services)

Vendor Sap_Se

Product SAP NetWeaver AS for JAVA (Adobe Document Services)

Weakness CWE-538

Published December 10, 2024

Last update December 16, 2024

View on NVD All CVEs

CVSS base score

6.8/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

What the vulnerability does

Description

An attacker authenticated as an administrator can use an exposed webservice to upload or download a custom PDF font file on the system server. Using the upload functionality to copy an internal file into a font file and subsequently using the download functionality to retrieve that file allows the attacker to read any file on the server with no effect on integrity or availability

Key dates

Disclosure timeline

December 10, 2024 CVE published

December 16, 2024 Record updated

Identifiers

CVE CVE-2024-47579

CWE CWE-538

CVSS 6.8 / MEDIUM

Affected versions

Vendor Sap_Se

Product SAP NetWeaver AS for JAVA (Adobe Document Services)

Affected ADSSSAP 7.50