Описание
An attacker authenticated as an administrator can use an exposed webservice to upload or download a custom PDF font file on the system server. Using the upload functionality to copy an internal file into a font file and subsequently using the download functionality to retrieve that file allows the attacker to read any file on the server with no effect on integrity or availability
EPSS
6.8 Medium
CVSS3
Дефекты
Связанные уязвимости
An attacker authenticated as an administrator can use an exposed webservice to upload or download a custom PDF font file on the system server. Using the upload functionality to copy an internal file into a font file and subsequently using the download functionality to retrieve that file allows the attacker to read any file on the server with no effect on integrity or availability
Уязвимость компонента Adobe Document Service программного средства создания и развертывания веб-приложений SAP NetWeaver AS for Java, позволяющая нарушителю оказать воздействие на конфиденциальность защищаемой информации
EPSS
6.8 Medium
CVSS3