CVE-2024-47579
CVSS 3.1 Score 6.8 of 10 (medium)
Details
Published Dec 10, 2024
CWE ID 538
Summary
CVE-2024-47579 is a vulnerability that allows administrators with access to an exposed webservice to upload custom PDF font files. By uploading a file containing a copied internal file disguised as a font, an attacker can then download the internal file, gaining unauthorized access to read any file on the server. This vulnerability poses a significant risk to data confidentiality without affecting integrity or availability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share