CVE-2024-39847

Summary

Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services.

Affected Software

VendorProductVersion RangeStatus
4D4D Server* <= v20 R3affected
4D4D Serverv20 R4 <= v20 R6unknown
4D4D Serverv20 R7unaffected

Weaknesses

  • CWE-611: CWE-611 Improper Restriction of XML External Entity Reference

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References