- Description
- Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services.
- Source
- 23637b5d-af4c-4cf9-b8f6-deb7fd0f8423
- NVD status
- Modified
- Products
- server
CVSS 4.0
- Type
- Secondary
- Base score
- 8.7
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:X
- Severity
- HIGH
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
- 23637b5d-af4c-4cf9-b8f6-deb7fd0f8423
- CWE-611
- Hype score
- Not currently trending
🚨 HIGH: CVE-2024-39847 (CVSS 7.5) - Unauthenticated XXE in 4D Server SOAP endpoints allows file read access & SSRF. No authentication required. Patch immediately. #CVE #PatchNow #ThreatIntel https://t.co/nHaAIxC97J
@DFIR_Lab
29 May 2026
CVE-2024-39847 Unauthenticated XML Parser Vulnerability in 4D Server SOAP Endpoi... https://t.co/HeSmoDyxsT Vulnerability Alert Subscriptions: https://t.co/hrQhy5uz4x
@VulmonFeeds
30 Apr 2026
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:4d:server:20:r3:*:*:*:*:*:*",
            "matchCriteriaId": "7CB9D8C6-82C3-4C82-92CC-36E27D0AEBC6",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:4d:server:20:r4:*:*:*:*:*:*",
            "matchCriteriaId": "B1C45F4F-AE28-4B0D-BCCC-648953FC9772",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:4d:server:20:r6:*:*:*:*:*:*",
            "matchCriteriaId": "5512EA72-DE0B-4A44-AD7D-F8D277541F65",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]