4 matches found
CVE-2024-47579
An attacker authenticated as an administrator can use an exposed webservice to upload or download a custom PDF font file on the system server. Using the upload functionality to copy an internal file into a font file and subsequently using the download functionality to retrieve that file allows th...
CVE-2024-47579
An attacker authenticated as an administrator can use an exposed webservice to upload or download a custom PDF font file on the system server. Using the upload functionality to copy an internal file into a font file and subsequently using the download functionality to retrieve that file allows th...
CVE-2024-47580
CVE-2024-47580 affects SAP NetWeaver AS Java (Adobe Document Service). An attacker authenticated as an administrator can use an exposed webservice to create a PDF with an embedded attachment; by forcing the file to be an internal server file and downloading the PDF, they can read arbitrary server...
PT-2024-9338 · Sap · Sap Netweaver As Java
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS for Java affected versions not specified Description: The issue allows an attacker, authenticated as an administrator, to use an exposed webservice to upload or download a custom PDF font file on the system server. By...