CVE-2024-47579

An attacker authenticated as an administrator can use an exposed webservice to upload or download a custom PDF font file on the system server. Using the upload functionality to copy an internal file into a font file and subsequently using the download functionality to retrieve that file allows the attacker to read any file on the server with no effect on integrity or availability

• https://me.sap.com/notes/3536965
• https://url.sap/sapsecuritypatchday