CVE-2024-47579

{"id": "CVE-2024-47579", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 2.3}]}, "published": "2024-12-10T01:15:05.817", "references": [{"url": "https://me.sap.com/notes/3536965", "source": "cna@sap.com"}, {"url": "https://url.sap/sapsecuritypatchday", "source": "cna@sap.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-538"}]}], "descriptions": [{"lang": "en", "value": "An attacker authenticated as an administrator can use an exposed webservice to upload or download a custom PDF font file on the system server. Using the upload functionality to copy an internal file into a font file and subsequently using the download functionality to retrieve that file allows the attacker to read any file on the server with no effect on integrity or availability"}, {"lang": "es", "value": "Un atacante autenticado como administrador puede usar un servicio web expuesto para cargar o descargar un archivo de fuente PDF personalizado en el servidor del sistema. El uso de la funci\u00f3n de carga para copiar un archivo interno en un archivo de fuente y, posteriormente, el uso de la funci\u00f3n de descarga para recuperar ese archivo le permite al atacante leer cualquier archivo en el servidor sin afectar la integridad o la disponibilidad."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "cna@sap.com"}