4 matches found
CVE-2024-47580
An attacker authenticated as an administrator can use an exposed webservice to create a PDF with an embedded attachment. By specifying the file to be an internal server file and subsequently downloading the generated PDF, the attacker can read any file on the server with no effect on integrity or...
CVE-2024-47580
An attacker authenticated as an administrator can use an exposed webservice to create a PDF with an embedded attachment. By specifying the file to be an internal server file and subsequently downloading the generated PDF, the attacker can read any file on the server with no effect on integrity or...
CVE-2024-47580
creationtimestamp| type| source ---|---|--- 2024-12-10 00:50:43+00:00| seen| https://infosec.exchange/users/cve/statuses/113625782201988792 2024-12-10 03:15:44+00:00| seen| https://t.me/cvedetector/12469...
CVE-2024-47580
CVE-2024-47580 affects SAP NetWeaver AS Java (Adobe Document Service). An attacker authenticated as an administrator can use an exposed webservice to create a PDF with an embedded attachment; by forcing the file to be an internal server file and downloading the PDF, they can read arbitrary server...