How severe is CVE-2024-47579?

CVE-2024-47579 has a CVSS v3 score of 6.8 (MEDIUM).

CVE-2024-47579

6.8MEDIUM

An attacker authenticated as an administrator can use an exposed webservice to upload or download a custom PDF font file on the system server. Using the upload functionality to copy an internal file

Veröffentlicht: 12/10/2024Aktualisiert: 12/10/2024

Beschreibung

An attacker authenticated as an administrator can use an exposed webservice to upload or download a custom PDF font file on the system server. Using the upload functionality to copy an internal file into a font file and subsequently using the download functionality to retrieve that file allows the attacker to read any file on the server with no effect on integrity or availability

KI-AnalyseKI-gestützt

Referenzen

https://me.sap.com/notes/3536965
https://url.sap/sapsecuritypatchday