CVE-2024-39847

HIGH EPSS 35.7%

Published Apr 30, 20262mo ago · Modified Jun 17, 20261w ago

8.7 CVSS 4.0

High

Published Apr 30, 2026 2mo ago

Last Modified Jun 17, 2026 1w ago

Description

Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services.

CVSS Details

Base Score

8.7

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

35.7% percentile

Exploit & Patch Status

Public Exploit Known

No Patch Available

Weaknesses 1

CWE-611

Affected Products 3

Vendor	Product	Version	Range
4d	server	20	any
4d	server	20	any
4d	server	20	any

References 3

seclists.org http://seclists.org/fulldisclosure/2026/May/0
4d.com https://4d.com

Product
schutzwerk.com https://www.schutzwerk.com/en/blog/schutzwerk-sa-2024-002/

ExploitThird Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.