What is CVE-2024-39847?

CVE-2024-39847 is a high-severity vulnerability in 4d Server, classified under Improper Restriction of XML External Entity Reference (XXE). CVSS score: 7.5/10. Published 2026-04-30.

How severe is CVE-2024-39847?

High severity. CVSS v3 base score is 7.5 out of 10.

XXE in 4d Server

CVE-2024-39847

Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GE…

Vulnerability class: XXE (XML External Entity)

EPSS: 0.000 (5.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

4d Server — versions v20 R4, v20 R7
4d Server — versions 20

Weakness classification (CWE)

CWE-611 — Improper Restriction of XML External Entity Reference (XXE)

References

23637b5d-af4c-4cf9-b8f6-deb7fd0f8423 (Exploit, Third Party Advisory)
23637b5d-af4c-4cf9-b8f6-deb7fd0f8423 (Product, product)
af854a3a-2127-422b-91ae-364da2661108

Frequently asked questions

What is CVE-2024-39847?: CVE-2024-39847 is a high-severity vulnerability in 4d Server, classified under Improper Restriction of XML External Entity Reference (XXE). CVSS score: 7.5/10. Published 2026-04-30.
How severe is CVE-2024-39847?: High severity. CVSS v3 base score is 7.5 out of 10.