CVE-2024-47578

Name of the Vulnerable Software and Affected Versions: Adobe Document Service (affected versions not specified) SAP NetWeaver AS for Java (affected versions not specified)

Description: The issue is related to a Server-Side Request Forgery vulnerability in Adobe Document Service, which can be exploited by an attacker with administrator privileges to send a crafted request from a vulnerable web application. This vulnerability can be used to target internal systems behind firewalls, allowing the attacker to read or modify any file and/or make the entire system unavailable. The vulnerability is associated with insufficient validation of incoming requests.

Recommendations: For Adobe Document Service, consider disabling the vulnerable component until a patch is available. For SAP NetWeaver AS for Java, apply the critical patch released by SAP to address the vulnerability. As a temporary workaround, restrict access to the vulnerable web application to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.