redrays-io

4 exploits Active since Sep 2021
CVE-2025-31324 NOMISEC CRITICAL SCANNER
SAP NetWeaver Visual Composer Metadata Uploader - Deserialization
SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.
23 stars
CVSS 10.0
CVE-2022-39802 NOMISEC HIGH WRITEUP
SAP Manufacturing Execution 15.1-15.3 - Path Traversal via File Path Request Parameter
SAP Manufacturing Execution - versions 15.1, 15.2, 15.3, allows an attacker to exploit insufficient validation of a file path request parameter. The intended file path can be manipulated to allow arbitrary traversal of directories on the remote server. The file content within each directory can be read which may lead to information disclosure.
3 stars
CVSS 7.5
CVE-2022-41272 NOMISEC CRITICAL WRITEUP
SAP NetWeaver PI <7.50 - Info Disclosure
An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search (UDS) of SAP NetWeaver Process Integration (PI) - version 7.50 and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data across the entire system. This allows the attacker to have full read access to user data, make limited modifications to user data, and degrade the performance of the system, leading to a high impact on confidentiality and a limited impact on the availability and integrity of the application.
3 stars
CVSS 9.9
CVE-2021-33690 NOMISEC CRITICAL WRITEUP
SAP NetWeaver Development Infrastructure Component Build Service 7.11-7.50 - Server-Side Request Forgery
Server-Side Request Forgery (SSRF) vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50The SAP NetWeaver Development Infrastructure Component Build Service allows a threat actor who has access to the server to perform proxy attacks on server by sending crafted queries. Due to this, the threat actor could completely compromise sensitive data residing on the Server and impact its availability.Note: The impact of this vulnerability depends on whether SAP NetWeaver Development Infrastructure (NWDI) runs on the intranet or internet. The CVSS score reflects the impact considering the worst-case scenario that it runs on the internet.
CVSS 9.9