- Description
- An attacker authenticated as an administrator can use an exposed webservice to upload or download a custom PDF font file on the system server. Using the upload functionality to copy an internal file into a font file and subsequently using the download functionality to retrieve that file allows the attacker to read any file on the server, with no effect on integrity or availability.
- Source
- cna@sap.com
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 6.8
- Impact score
- 4
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
- Severity
- MEDIUM
- cna@sap.com
- CWE-538
- Hype score
- Not currently trending
Several different vulnerabilities have been published for the SAP product: CVE-2024-47578, of type SSRF; CVE-2024-47579, of type Unauthorized File Manipulation; and CVE-2024-47580, of type PDF File Vulnerability. https://t.co/Poz3aKYxT1 https
@AmirHossein_sec
13 Dec 2024
CVE-2024-47579 An attacker authenticated as an administrator can use an exposed webservice to upload or download a custom PDF font file on the system server. Using the upload funct… https://t.co/xHcnBCzynk
@CVEnew
10 Dec 2024
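SAP's regular security update. A critical vulnerability in NetWeaver AS for JAVA has been fixed. CVE-2024-47578 has a CVSS score of 9.1 and can be exploited together with the related CVEs CVE-2024-47579 and CVE-2024-47580. The vendor recommends applying the patch immediately. https://t.co/MJELBZeWLk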
@__kokumoto
10 Dec 2024