CVE-2024-47580
CVSS 3.1 Score 6.8 of 10 (medium)
Details
Summary
CVE-2024-47580 is a newly disclosed vulnerability that allows administrators with access to a specific webservice to create and download maliciously crafted PDF files. By embedding an internal server file into the PDF, an attacker can potentially read any file on the server without authorization. The vulnerability does not impact the system's integrity or availability; the risk is disclosure of data. An attacker must first authenticate as an administrator to exploit it, but the potential impact remains significant because sensitive information can be read from the server. Organizations should apply the necessary patches as soon as possible to mitigate this risk.