Platform: adobe
Component: adobe-document-services
Fixed in: 7.50.1
CVE-2024-47578 describes a Server-Side Request Forgery (SSRF) vulnerability within Adobe Document Services. This flaw allows an authenticated attacker with administrator privileges to craft malicious requests, potentially bypassing internal network protections. Affected versions include 7.50–ADSSSAP 7.50, and a patch is available in version 7.50.1.
The SSRF vulnerability in Adobe Document Services presents a significant risk, particularly for organizations relying on this service for internal document processing. An attacker exploiting this flaw can initiate requests from the server as if they originated internally, effectively bypassing firewalls and accessing resources that would normally be inaccessible. This could lead to unauthorized access to sensitive data, modification of critical system files, or even a complete denial of service by overwhelming the server with requests. The ability to read or modify any file on the system significantly expands the attack surface and potential damage.
This vulnerability is considered critical due to the potential for widespread impact and the relatively straightforward exploitation path given administrator privileges. While no public exploits have been widely reported, the SSRF nature of the vulnerability makes it a prime target for internal threat actors and automated scanning tools. The vulnerability was publicly disclosed on December 10, 2024. It is not currently listed on the CISA KEV catalog.
EPSS: 0.17% (38th percentile)
The primary mitigation for CVE-2024-47578 is to immediately upgrade Adobe Document Services to version 7.50.1 or later. If upgrading is not immediately feasible, consider implementing strict network segmentation to limit the potential impact of a successful SSRF attack. Implement robust input validation and sanitization on all user-supplied data to prevent malicious requests. Monitor network traffic for unusual outbound requests originating from the Adobe Document Services server. After upgrading, confirm the fix by attempting to trigger the SSRF vulnerability with a known payload and verifying that the request is blocked.
Apply the security patch provided by SAP in note 3536965 to correct the Server-Side Request Forgery vulnerability. Ensure that the SAP NetWeaver AS for JAVA (Adobe Document Services) system is updated to the latest available version. Restrict access to the vulnerable web application and review security configurations.
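One way to implement the outbound-traffic monitoring recommended above, as an added example that is not part of the advisory or of any vendor tooling. The ADS host address, the allowlist of expected backends, and the four-field flow-log layout are all assumptions; the log lines are constructed.

```python
import ipaddress

# Assumptions (not from the advisory): ADS host address, allowlisted backends,
# and a "timestamp src dst port" flow-log layout.
ADS_HOST = ipaddress.ip_address("10.20.0.15")
ALLOWED_DESTS = {
    (ipaddress.ip_address("10.20.0.30"), 1521),  # hypothetical database backend
    (ipaddress.ip_address("10.20.0.40"), 443),   # hypothetical rendering service
}

# Constructed sample flow records, embedded so the example runs offline.
SAMPLE_LOG = """\
2024-12-11T09:14:02Z 10.20.0.15 10.20.0.30 1521
2024-12-11T09:14:07Z 10.20.0.15 169.254.10.10 80
2024-12-11T09:14:09Z 10.20.0.22 10.20.0.99 22
2024-12-11T09:15:41Z 10.20.0.15 127.0.0.1 8080
2024-12-11T09:16:03Z 10.20.0.15 10.20.5.77 445
malformed line here
2024-12-11T09:17:30Z 10.20.0.15 93.184.216.34 443
"""

def classify(dst):
    """Label a destination; loopback and link-local are tested before
    is_private because Python reports those ranges as private too."""
    if dst.is_loopback:
        return "loopback"
    if dst.is_link_local:
        return "link-local"
    return "internal" if dst.is_private else "external"

def flag_unexpected_egress(log_text):
    """Return (timestamp, dst, port, category) for ADS-host flows off the allowlist."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed records
        ts, src, dst, port = fields
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port_no = int(port)
        except ValueError:
            continue  # unparseable address or port
        if src_ip == ADS_HOST and (dst_ip, port_no) not in ALLOWED_DESTS:
            findings.append((ts, str(dst_ip), port_no, classify(dst_ip)))
    return findings

if __name__ == "__main__":
    for finding in flag_unexpected_egress(SAMPLE_LOG):
        print(*finding)
```

An allowlist keyed on destination and port keeps the alert volume low: any flow from the ADS host that is not an expected backend connection is worth a look, whatever its category.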
CVE-2024-47578 is a critical Server-Side Request Forgery vulnerability in Adobe Document Services affecting versions 7.50–ADSSSAP 7.50, allowing attackers with admin privileges to initiate requests from the server.
If you are running Adobe Document Services versions 7.50–ADSSSAP 7.50, you are potentially affected by this vulnerability. Check your version and upgrade immediately.
Upgrade Adobe Document Services to version 7.50.1 or later to remediate the SSRF vulnerability. Implement network segmentation as a temporary workaround.
While no widespread exploitation has been publicly confirmed, the SSRF nature of the vulnerability makes it a likely target for attackers. Proactive patching is essential.
Refer to the official Adobe Security Bulletin for CVE-2024-47578: [https://www.adobe.com/security/advisories/AdobeSecurityBulletinforAdobeDocumentServices.pdf](https://www.adobe.com/security/advisories/AdobeSecurityBulletinforAdobeDocumentServices.pdf)