CVE-2024-47578

Published Dec 10, 2024

Last updated 3 months ago

CVSS critical 9.1

Overview

Description
Adobe Document Service allows an attacker with administrator privileges to send a crafted request from a vulnerable web application. It is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability. On successful exploitation, the attacker can read or modify any file and/or make the entire system unavailable.
Source
cna@sap.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.1
Impact score
6
Exploitability score
2.3
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

cna@sap.com
CWE-918

Social media

Hype score
Not currently trending

  1. برای محصول SAP چندین آسیب پذیری مختلف با کدهای شناسایی CVE-2024-47578 از نوع SSRF , آسیب پذیری با کد شناسایی CVE-2024-47579 از نوع Unauthorized File Manipulation و آسیب پذیری با کد شناسایی CVE-2024-47580 از نوع PDF File Vulnerability منتشر شده است. https://t.co/Poz3aKYxT1 https

    @AmirHossein_sec

    13 Dec 2024

    41 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  2. SAPの定例セキュリティ更新。NetWeaver AS for JAVAでは重大(Critical)な脆弱性を修正。CVE-2024-47578はCVSSスコア9.1で、関連CVEのCVE-2024-47579やCVE-2024-47580と併せ悪用可能。公式は直ちにパッチ適用することを推奨。 https://t.co/MJELBZeWLk

    @__kokumoto

    10 Dec 2024

    814 Impressions

    5 Retweets

    4 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2024-47578 Server-side Request Forgery in Adobe Document Service Exploitation Adobe Document Service has a Server-Side Request Forgery vulnerability. This lets an attacker with admin rights send a special req... https://t.co/QOWJs640Rr

    @VulmonFeeds

    10 Dec 2024

    55 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. [CVE-2024-47578: CRITICAL] Vulnerability in Adobe Document Service enables attackers to exploit Server-Side Request Forgery, gaining access to sensitive files and disrupting system operations.#cybersecurity,#vulnerability https://t.co/3y2ncMrdtO https://t.co/mXCr7FuFnU

    @CveFindCom

    10 Dec 2024

    72 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

References