SAP fixed critical SSRF flaw in NetWeaver’s Adobe Document Services

SAP has issued patches for 16 vulnerabilities, including a critical SSRF flaw in NetWeaver’s Adobe Document Services.

SAP addressed 16 vulnerabilities as part of its December 2024 Security Patch Day. The company released nine new and four updated security notes.

The most severe of these vulnerabilities is a critical issue, tracked as CVE-2024-47578 (CVSS score of 9.1), in the Adobe Document Service component of NetWeaver. An attacker with administrative privileges can exploit the vulnerability to send a crafted request from a vulnerable web application. Successful exploitation can allow attackers to read or modify any file and/or make the entire system unavailable.

The vulnerability impacts versions ADSSSAP 7.50.

“Adobe Document Service allows an attacker with administrator privileges to send a crafted request from a vulnerable web application. It is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability.” reads the advisory. “On successful exploitation, the attacker can read or modify any file and/or make the entire system unavailable.”

The company also addressed other two vulnerabilities, tracked as CVE-2024-47579 and CVE-2024-47580, as part of the same security notes that was labeled as ‘hot news’.

Bot vulnerabilities are medium-severity issues that could be exploited by an attacker with administrative access to read files on the server.

“These vulnerabilities, tracked as CVE-2024-47578, CVE-2024-47579, and CVE-2024-47580, collectively expose organizations to potential server-side request forgery (SSRF), unauthorized file access, and information disclosure.” reads the analysis published by Onapsis.

SAP also addressed a Cross-Site Scripting (XSS) vulnerability (CVSS score of 8.8), tracked as CVE-2024-47590, in Web Dispatcher.

The company fixed an Information Disclosure vulnerability through Remote Function Call (RFC), tracked as CVE-2024-54198 (CVSS score of 8.5) in SAP NetWeaver Application Server ABAP

The company is not aware of attacks in the wild exploiting one of the issues addressed with the release of December 2024 Security Patch Day.

Source

Leave a Comment Cancel Reply

London, GB

5:19 am, Apr 22, 2025

7°C

L: 5° | H: 8°

Feels like 7°C° overcast clouds

Humidity: 90 %

Pressure: 1015 mb

Wind: 1 mph WNW

Wind Gust: 3 mph

UV Index: 0

Precipitation: 0 mm

Clouds: 98%

Rain Chance: 0%

Visibility: 10 km

Sunrise: 5:49 am

Sunset: 8:07 pm

DailyHourly

Daily ForecastHourly Forecast

Today 10:00 pm

5° | 8°°C 0 mm 0% 10 mph 91 % 1017 mb 0 mm/h

Tomorrow 10:00 pm

8° | 10°°C 1 mm 100% 13 mph 94 % 1018 mb 0 mm/h

Thu Apr 24 10:00 pm

8° | 13°°C 0 mm 0% 4 mph 88 % 1022 mb 0 mm/h

Fri Apr 25 10:00 pm

10° | 17°°C 0 mm 0% 8 mph 90 % 1021 mb 0 mm/h

Sat Apr 26 10:00 pm

10° | 17°°C 1 mm 100% 14 mph 94 % 1021 mb 0 mm/h

Today 7:00 am

7° | 7°°C 0 mm 0% 4 mph 91 % 1015 mb 0 mm/h

Today 10:00 am

10° | 12°°C 0 mm 0% 7 mph 79 % 1016 mb 0 mm/h

Today 1:00 pm

16° | 16°°C 0 mm 0% 8 mph 42 % 1017 mb 0 mm/h

Today 4:00 pm

16° | 16°°C 0 mm 0% 10 mph 44 % 1016 mb 0 mm/h

Today 7:00 pm

13° | 13°°C 0 mm 0% 10 mph 59 % 1016 mb 0 mm/h

Today 10:00 pm

10° | 10°°C 0 mm 0% 7 mph 77 % 1016 mb 0 mm/h

Tomorrow 1:00 am

10° | 10°°C 0 mm 0% 7 mph 79 % 1014 mb 0 mm/h

Tomorrow 4:00 am

9° | 9°°C 1 mm 100% 11 mph 94 % 1011 mb 0 mm/h

Name	Price	24H (%)
Bitcoin(BTC)	€76,585.23	1.19%
Ethereum(ETH)	€1,374.31	-3.19%
Tether(USDT)	€0.87	0.00%
XRP(XRP)	€1.81	-1.24%
Solana(SOL)	€120.82	-0.22%
USDC(USDC)	€0.87	0.00%
Dogecoin(DOGE)	€0.139945	0.73%
Shiba Inu(SHIB)	€0.000010	-1.37%
Pepe(PEPE)	€0.000007	3.03%

SAP fixed critical SSRF flaw in NetWeaver’s Adobe Document Services

Share:

SAP has issued patches for 16 vulnerabilities, including a critical SSRF flaw in NetWeaver’s Adobe Document Services.

Leave a Comment Cancel Reply

Utility link

Useful link

Newsletter

Follow Us