Vulnerability Description
Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| 4D | Server | 20 |
Related Weaknesses (CWE)
References
- https://4d.com (Product)
- https://www.schutzwerk.com/en/blog/schutzwerk-sa-2024-002/ (Exploit, Third Party Advisory)
- http://seclists.org/fulldisclosure/2026/May/0
FAQ
What is CVE-2024-39847?
CVE-2024-39847 is a vulnerability with a CVSS score of 7.5 (HIGH). Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adjac...
How severe is CVE-2024-39847?
CVE-2024-39847 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2024-39847?
Check the references section above for vendor advisories and patch information. Affected products include: 4D Server.