CVE-2024-39847
CVE-2024-39847 describes an XXE-like weakness in the XML parser of the 4D Server SOAP endpoints. Unauthenticated attackers can read files on the application server and adjacent network shares, and can issue HTTP GET requests to arbitrary services. The connected documents confirm the vulnerability...