CVE-2024-39334
📋 TL;DR
MENDELSON AS4 client software before version 2024 B376 has a deserialization vulnerability where malicious XML data from a trading partner can trigger arbitrary file writes on the victim's computer when transaction details are viewed. This affects all users running vulnerable client versions. The server component is not vulnerable.
💻 Affected Systems
- MENDELSON AS4 Client
⚠️ Manual Verification Required
The CVE record describes the affected range only as "before 2024 B376" and carries no structured version data, so automated scanners that match on version ranges may not flag an affected install. Check the build manually in the client (Help > About) rather than relying on a scanner result.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An attacker writes attacker-controlled files to any path the client user can write to (for example a startup folder or a script the user later runs), which can escalate to code execution on the workstation, theft of stored credentials and trading-partner data, or a foothold into the internal network.
Likely Case
A rogue or compromised trading partner submits a message with malicious XML; when an operator opens its transaction details in the client, the deserialization writes files on the operator's workstation, typically to drop malware or harvest credentials.
If Mitigated
With the client isolated from networks it does not need, running as a low-privilege user, and application control blocking execution of dropped files, the impact is confined to file writes in locations that account can reach, on a workstation that holds no critical data.
🎯 Exploit Status
Exploitation requires an operator to open, in the client, the transaction details of a message that contains the malicious XML; no further interaction beyond routine transaction review is needed. The attacker must be able to submit data as a trading partner, so a compromised or rogue partner account is sufficient. The server component is not affected.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2024 B376 or later
Vendor Advisory: https://mendelson-e-c.com/node/27845
Restart Required: Yes
Instructions:
1. Download the latest version from the vendor website.
2. Back up the client configuration.
3. Install the update.
4. Restart the AS4 client.
🔧 Temporary Workarounds
Restrict Trading Partner Access
Limit which trading partners may send messages to the client to trusted, verified entities, and remove or disable partner configurations that are no longer needed; every remaining partner is a potential source of the malicious XML.
Client Application Control
Application control on the client workstation (for example AppLocker or WDAC on Windows) does not stop the file write itself, but it blocks execution of a dropped executable or script. Combine it with restricted write permissions on startup folders and binary directories.
🧯 If You Can't Patch
- Implement strict network segmentation between trading partner networks and client systems
- Configure client systems with minimal user privileges and restrict write permissions to sensitive directories
🔍 How to Verify
Check if Vulnerable:
Check AS4 client version in Help > About menu. If version is earlier than 2024 B376, system is vulnerable.
Check Version:
Not applicable - check via GUI Help > About menu
Verify Fix Applied:
Confirm the version shows 2024 B376 or later in Help > About on every client installation (each workstation runs its own copy and must be updated separately), then process a routine transaction to confirm the updated client still operates normally.
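As an added example (not code from this page or from mendelson), the following Python helper encodes the Help > About check above so it can be run over an inventory of collected version strings. It assumes the build string always has the form "<year> B<build>" and that builds order by year first, then by build number; both are assumptions about the vendor's numbering, not facts stated in the advisory.

```python
"""Script the Help > About version check for CVE-2024-39334.

Added example, not code from the advisory or from mendelson. It assumes the
build string has the form '<year> B<build>' and that builds order by year,
then build number; both are assumptions about the vendor's numbering.
"""
import re

FIXED_VERSION = "2024 B376"   # first fixed build named in the vendor advisory

_VERSION_RE = re.compile(r"^\s*(\d{4})\s*B\s*(\d+)\s*$", re.IGNORECASE)


def parse_version(text: str) -> tuple[int, int]:
    """'2024 B376' -> (2024, 376); raises ValueError on anything else."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised mendelson AS4 version string: {text!r}")
    return int(m.group(1)), int(m.group(2))


def is_vulnerable(version_text: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed build predates the fix.

    Tuple comparison orders by year first, so '2023 B410' < '2024 B376'
    (assumption about the vendor's numbering, see module docstring)."""
    return parse_version(version_text) < parse_version(fixed)


def classify(version_text: str) -> str:
    """Inventory-friendly verdict; an unparsable string is reported, not assumed safe."""
    try:
        return "vulnerable" if is_vulnerable(version_text) else "fixed"
    except ValueError:
        return "unknown"


if __name__ == "__main__":
    # Constructed inventory of About-dialog strings, one per client workstation.
    for host, about in [("ws01", "2024 B375"), ("ws02", "2024 B376"), ("ws03", "n/a")]:
        print(f"{host}: {about} -> {classify(about)}")
```

Treat "unknown" as a finding to follow up, not as a pass: a string the parser does not recognise may simply be a build format this helper has not seen.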
📡 Detection & Monitoring
Log Indicators:
- File creates by the AS4 client process outside its install, data and log directories (Sysmon Event ID 11 or equivalent endpoint telemetry), especially into user profiles, startup folders or system directories
- Unusually large or malformed XML in inbound transactions from trading partners, or transactions whose details trigger errors when opened in the client
Network Indicators:
- Unusual XML payloads in AS4 protocol traffic
- Suspicious trading partner connections
SIEM Query:
process_name:"as4client.exe" AND file_write_operation:* AND NOT file_path:"C:\\Program Files\\MENDELSON\\*"
The process name and install path in this query are placeholders and must be matched to the local deployment: the mendelson AS4 client is a Java application, so the writing process may appear as java.exe or javaw.exe launched from the install directory rather than as a dedicated executable, and installs under a different path will need the exclusion adjusted. Also exclude the client's own data and log directories if they live outside the install path, otherwise routine writes will flood the rule.
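The SIEM query above is a one-line sketch. The following added Python (not code from this page or from mendelson) applies the same logic to constructed Sysmon Event ID 11 (FileCreate) records so the rule can be tested offline and tuned before it goes into a SIEM. The process name as4client.exe, the install path and the high-risk directory list are assumptions carried over from the query; adjust them to the local install, and expect the writing process to be a Java executable if the client runs under a shared JVM.

```python
"""Detect file writes by the AS4 client outside its install directory.

Added example: not code from the original advisory or from mendelson.
Assumed values (adjust locally): process name, install path, risk dirs.
"""
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Assumptions carried over from the advisory's SIEM query, not vendor facts.
CLIENT_PROCESSES = {"as4client.exe"}
INSTALL_DIR = r"C:\Program Files\MENDELSON"
# Paths where a dropped file is most likely to be executed or abused later.
HIGH_RISK_DIRS = [
    r"C:\Users",          # profiles, per-user Startup folders
    r"C:\Windows",
    r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp",
]


@dataclass
class FileCreate:
    utc_time: str
    image: str    # full path of the process that created the file
    target: str   # file that was created


def parse_event(line: str) -> FileCreate:
    """Parse a constructed 'Key=Value|Key=Value' flattening of Sysmon EID 11 fields."""
    fields = dict(kv.split("=", 1) for kv in line.strip().split("|"))
    return FileCreate(fields["UtcTime"], fields["Image"], fields["TargetFilename"])


def is_under(path: str, parent: str) -> bool:
    # Case-insensitive "path lies inside parent" on path components, so
    # C:\Program Files\MENDELSONX does not match C:\Program Files\MENDELSON.
    p = PureWindowsPath(path.lower()).parts
    q = PureWindowsPath(parent.lower()).parts
    return p[:len(q)] == q


def detect(lines):
    """Return (time, severity, target) for every client write outside INSTALL_DIR."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if PureWindowsPath(ev.image).name.lower() not in CLIENT_PROCESSES:
            continue                      # some other process wrote the file
        if is_under(ev.target, INSTALL_DIR):
            continue                      # routine writes to its own logs/data
        severity = "high" if any(is_under(ev.target, d) for d in HIGH_RISK_DIRS) else "medium"
        alerts.append((ev.utc_time, severity, ev.target))
    return alerts


# Constructed sample events (not real telemetry): a normal log write, a drop
# into a user's Startup folder, a write to C:\Temp, and an unrelated process.
SAMPLE_EVENTS = [
    r"UtcTime=2024-07-01 09:12:03.120|Image=C:\Program Files\MENDELSON\AS4\as4client.exe|TargetFilename=C:\Program Files\MENDELSON\AS4\log\as4.log",
    r"UtcTime=2024-07-01 09:12:05.441|Image=C:\Program Files\MENDELSON\AS4\as4client.exe|TargetFilename=C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.bat",
    r"UtcTime=2024-07-01 09:12:06.002|Image=C:\Program Files\MENDELSON\AS4\as4client.exe|TargetFilename=C:\Temp\payload.xml",
    r"UtcTime=2024-07-01 09:13:10.777|Image=C:\Windows\explorer.exe|TargetFilename=C:\Users\alice\Desktop\notes.txt",
]

if __name__ == "__main__":
    for when, severity, target in detect(SAMPLE_EVENTS):
        print(f"{when} [{severity}] AS4 client wrote outside install dir: {target}")
```

On the constructed sample the Startup-folder drop is reported as high and the write to C:\Temp as medium, while the client's own log write and the explorer.exe event are ignored. The component-wise prefix check matters: a naive string prefix on "C:\Program Files\MENDELSON" would also exclude a sibling directory such as MENDELSONX.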