- Description
- An attacker authenticated as an administrator can use an exposed webservice to create a PDF with an embedded attachment. By specifying the file to be an internal server file and subsequently downloading the generated PDF, the attacker can read any file on the server with no effect on integrity or availability.
- Source
- cna@sap.com
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 6.8
- Impact score
- 4
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
- Severity
- MEDIUM
- cna@sap.com
- CWE-538
- Hype score
- Not currently trending
Several different vulnerabilities have been published for the SAP product: CVE-2024-47578 of type SSRF, CVE-2024-47579 of type Unauthorized File Manipulation, and CVE-2024-47580 of type PDF File Vulnerability. https://t.co/Poz3aKYxT1 https
@AmirHossein_sec
13 Dec 2024
41 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-47580 An attacker authenticated as an administrator can use an exposed webservice to create a PDF with an embedded attachment. By specifying the file to be an internal ser… https://t.co/bXoR7JaY3c
@CVEnew
10 Dec 2024
162 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
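SAP's regular security update. A critical vulnerability is fixed in NetWeaver AS for JAVA. CVE-2024-47578 has a CVSS score of 9.1 and can be exploited together with the related CVEs CVE-2024-47579 and CVE-2024-47580. The vendor recommends applying the patch immediately. https://t.co/MJELBZeWLk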
@__kokumoto
10 Dec 2024
814 Impressions
5 Retweets
4 Likes
2 Bookmarks
0 Replies
0 Quotes