CVE-2024-47579

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS for Java (affected versions not specified)

Description: The issue allows an attacker, authenticated as an administrator, to use an exposed webservice to upload or download a custom PDF font file on the system server. By exploiting the upload functionality to copy an internal file into a font file and then using the download functionality to retrieve that file, the attacker can read any file on the server without affecting integrity or availability. This can lead to a leak of information about files and directories, potentially impacting the confidentiality of protected information.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.