Platform: adobe
Component: adobe-document-services
Fixed in: 7.50.1
CVE-2024-47578 describes a Server-Side Request Forgery (SSRF) vulnerability within Adobe Document Services. This flaw allows an authenticated attacker with administrator privileges to craft malicious requests, potentially bypassing internal network protections. Affected versions include 7.50–ADSSSAP 7.50, and a patch is available in version 7.50.1.
The SSRF vulnerability in Adobe Document Services presents a significant risk, particularly for organizations relying on this service for internal document processing. An attacker exploiting this flaw can initiate requests from the server as if they originated internally, effectively bypassing firewalls and accessing resources that would normally be inaccessible. This could lead to unauthorized access to sensitive data, modification of critical system files, or even a complete denial of service by overwhelming the server with requests. The ability to read or modify any file on the system significantly expands the attack surface and potential damage.
This vulnerability is considered critical due to the potential for widespread impact and the relatively straightforward exploitation path given administrator privileges. While no public exploits have been widely reported, the SSRF nature of the vulnerability makes it a prime target for internal threat actors and automated scanning tools. The vulnerability was publicly disclosed on December 10, 2024. It is not currently listed on the CISA KEV catalog.
Organizations heavily reliant on Adobe Document Services for internal document processing, particularly those with legacy configurations or inadequate network segmentation, are at heightened risk. Environments where administrator privileges are broadly granted or poorly controlled are also particularly vulnerable. Shared hosting environments utilizing Adobe Document Services should be carefully reviewed for potential exposure.
• java / server:
ps -ef | grep "Adobe Document Services"
• java / server:
journalctl -u adobe-document-services -f | grep "Server-Side Request"
• generic web:
curl -I https://<your_document_services_url>/internal_resource
• generic web:
grep -r "http://internal.server/" /var/log/apache2/access.log
EPSS: 0.17% (38th percentile)
The primary mitigation for CVE-2024-47578 is to immediately upgrade Adobe Document Services to version 7.50.1 or later. If upgrading is not immediately feasible, consider implementing strict network segmentation to limit the potential impact of a successful SSRF attack. Implement robust input validation and sanitization on all user-supplied data to prevent malicious requests. Monitor network traffic for unusual outbound requests originating from the Adobe Document Services server. After upgrading, confirm the fix by attempting to trigger the SSRF vulnerability with a known payload and verifying that the request is blocked.
Apply the security patch provided by SAP in note 3536965 to remediate the Server-Side Request Forgery vulnerability. Ensure that the SAP NetWeaver AS for JAVA (Adobe Document Services) system is updated to the latest available version. Restrict access to the vulnerable web application and review the security configurations.
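The outbound-traffic monitoring recommended above, as an added example that is not part of the original advisory or of any SAP or Adobe tooling: a Python check that reports connections from the Document Services host to any destination outside an allowlist. The log format, host address, allowlist and sample lines are constructed assumptions.

```python
import ipaddress

# Constructed sample, one connection per line: "<timestamp> <src> <dst> <dst_port>".
# The log format and every address below are assumptions made for this example.
SAMPLE_LOG = """\
2024-12-11T09:00:01Z 10.20.0.15 10.20.0.40 50000
2024-12-11T09:00:07Z 10.20.0.15 169.254.169.254 80
2024-12-11T09:00:09Z 10.20.0.15 10.30.5.8 8443
2024-12-11T09:00:12Z 10.20.0.99 10.30.5.8 8443
2024-12-11T09:00:15Z 10.20.0.15 127.0.0.1 8080
2024-12-11T09:00:20Z 10.20.0.15 203.0.113.7 443
malformed line
"""

ADS_HOST = ipaddress.ip_address("10.20.0.15")  # assumed Document Services host
# (network, port) pairs the server is expected to reach; anything else is reported.
ALLOWED = [(ipaddress.ip_network("10.20.0.40/32"), 50000)]
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(dst):
    """Name the destination's address class so findings can be triaged."""
    if dst.is_loopback:
        return "loopback"
    if dst.is_link_local:
        return "link-local"
    if any(dst in net for net in RFC1918):
        return "internal"
    return "external"


def unexpected_connections(log_text, host=ADS_HOST, allowed=ALLOWED):
    """Return (timestamp, dst, port, class) for off-allowlist connections from host."""
    findings = []
    for line in log_text.splitlines():
        try:
            ts, src, dst, port = line.split()  # wrong field count raises ValueError
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            dport = int(port)
        except ValueError:
            continue  # skip lines that do not match the assumed format
        if src_ip != host or any(dst_ip in n and dport == p for n, p in allowed):
            continue
        findings.append((ts, str(dst_ip), dport, classify(dst_ip)))
    return findings


if __name__ == "__main__":
    for finding in unexpected_connections(SAMPLE_LOG):
        print(*finding)
```

Loopback and link-local destinations are checked before the RFC 1918 ranges so that a request to the server itself or to a metadata-style address is labelled distinctly from ordinary internal traffic.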
CVE-2024-47578 is a critical Server-Side Request Forgery vulnerability in Adobe Document Services affecting versions 7.50–ADSSSAP 7.50, allowing attackers with admin privileges to initiate requests from the server.
If you are running Adobe Document Services versions 7.50–ADSSSAP 7.50, you are potentially affected by this vulnerability. Check your version and upgrade immediately.
Upgrade Adobe Document Services to version 7.50.1 or later to remediate the SSRF vulnerability. Implement network segmentation as a temporary workaround.
While no widespread exploitation has been publicly confirmed, the SSRF nature of the vulnerability makes it a likely target for attackers. Proactive patching is essential.
Refer to the official Adobe Security Bulletin for CVE-2024-47578: [https://www.adobe.com/security/advisories/AdobeSecurityBulletinforAdobeDocumentServices.pdf](https://www.adobe.com/security/advisories/AdobeSecurityBulletinforAdobeDocumentServices.pdf)