8 matches found
CVE-2024-47580 Multiple vulnerabilities in SAP NetWeaver AS for JAVA(Adobe Document Services)
An attacker authenticated as an administrator can use an exposed webservice to create a PDF with an embedded attachment. By specifying the file to be an internal server file and subsequently downloading the generated PDF, the attacker can read any file on the server with no effect on integrity or...
CVE-2024-47580 Multiple vulnerabilities in SAP NetWeaver AS for JAVA(Adobe Document Services)
An attacker authenticated as an administrator can use an exposed webservice to create a PDF with an embedded attachment. By specifying the file to be an internal server file and subsequently downloading the generated PDF, the attacker can read any file on the server with no effect on integrity or...
CVE-2024-47579 Multiple vulnerabilities in SAP NetWeaver AS for JAVA(Adobe Document Services)
An attacker authenticated as an administrator can use an exposed webservice to upload or download a custom PDF font file on the system server. Using the upload functionality to copy an internal file into a font file and subsequently using the download functionality to retrieve that file allows th...
CVE-2024-47579 Multiple vulnerabilities in SAP NetWeaver AS for JAVA(Adobe Document Services)
An attacker authenticated as an administrator can use an exposed webservice to upload or download a custom PDF font file on the system server. Using the upload functionality to copy an internal file into a font file and subsequently using the download functionality to retrieve that file allows th...
CVE-2024-47578 Multiple vulnerabilities in SAP NetWeaver AS for JAVA(Adobe Document Services)
Adobe Document Service allows an attacker with administrator privileges to send a crafted request from a vulnerable web application. It is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side...
CVE-2024-47578 Multiple vulnerabilities in SAP NetWeaver AS for JAVA(Adobe Document Services)
Adobe Document Service allows an attacker with administrator privileges to send a crafted request from a vulnerable web application. It is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side...
co.elastic.apm:apm-agent-attach-cli (>=1.26.0 <=1.49.0), com.adobe.documentservices:pdfservices-sdk (>=2.2.2 <=3.5.1) +164 more potentially affected by CVE-2024-29857 via org.bouncycastle:bc-fips (>=1.0.1 <=1.0.2.4)
org.bouncycastle:bc-fips MAVEN version =1.0.1, =1.26.0, =2.2.2, =4.16.8.0, =4.16.8.0, =4.16.8.0, =4.16.8.0, =4.16.8.0, =4.16.8.0, =4.16.8.0, =4.16.8.0, =4.16.8.0, =4.16.8.0, =4.16.8.0, =4.16.8.0, =4.16.8.0, =4.17.4.0 and more Source cves: CVE-2024-29857 Source advisory:...
Unspecified Denial of Service Vulnerability in SAP Adobe Document Services
SAP is a provider of enterprise application software solutions. An unspecified denial of service vulnerability exists in SAP Adobe Document Services. An attacker could exploit this vulnerability to cause a denial of service...