XML Parser Weakness in 4D Server Exposes Sensitive Data
CVE-2024-39847

8.7HIGH

Key Information:

Vendor: 4d
Status: 4d Server
Vendor: CVE Published:; 30 April 2026

What is CVE-2024-39847?

An identified vulnerability in the XML parser of the SOAP endpoints within 4D Server allows unauthenticated attackers to gain unauthorized read access to files on the application server. This also extends to adjacent network shares, enabling potential attackers to perform HTTP GET requests to arbitrary services. Organizations utilizing 4D Server should assess their exposure to this vulnerability and apply necessary mitigations.

Affected Version(s)

4D Server Windows *

4D Server Windows v20 R7

References

https://www.schutzwerk.com/en/blog/schutzwerk-sa-2024-002/

https://4d.com

product

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 30, 2026
Vulnerability Reserved
Jun 29, 2024

Credit

Marcelo Reyes of SCHUTZWERK GmbH

CVE-2024-39847 Data

JSON