admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-475xx/CVE-2024-47579.json
cad-safe-bot 5fc0b01395 Auto-Update: 2024-12-15T03:00:19.262894+00:00
2024-12-15 03:03:56 +00:00

64 lines
2.2 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-47579",
"sourceIdentifier": "cna@sap.com",
"published": "2024-12-10T01:15:05.817",
"lastModified": "2024-12-10T01:15:05.817",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An attacker authenticated as an administrator can use an exposed webservice to upload or download a custom PDF font file on the system server. Using the upload functionality to copy an internal file into a font file and subsequently using the download functionality to retrieve that file allows the attacker to read any file on the server with no effect on integrity or availability"
},
{
"lang": "es",
"value": "Un atacante autenticado como administrador puede usar un servicio web expuesto para cargar o descargar un archivo de fuente PDF personalizado en el servidor del sistema. El uso de la funci\u00f3n de carga para copiar un archivo interno en un archivo de fuente y, posteriormente, el uso de la funci\u00f3n de descarga para recuperar ese archivo le permite al atacante leer cualquier archivo en el servidor sin afectar la integridad o la disponibilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-538"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3536965",
"source": "cna@sap.com"
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
}
]
}
Reference in New Issue View Git Blame Copy Permalink