CVSS 7.5 · HIGH

CVE-2024-39847

Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services.

Analysis

4D Server is a niche enterprise database platform not commonly used in the community stack. Although this unauthenticated XXE vulnerability allows for local file disclosure and SSRF, its limited deployment makes it a low priority for this feed.

Severity

Score: 7.5 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: HIGH
I: NONE
A: NONE
Weakness type (CWE): CWE-611

EPSS

Exploitation probability (next 30 days): 0.0005 (0.1%)
Percentile: 15.4%
EPSS: 2026-05-06

Affects

4d:server

Technical description

Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services.

Published: 30/4/2026, 7:16:36
Last modified: 5/5/2026, 2:51:27
