Unrated severityNVD Advisory· Published Apr 1, 2014· Updated May 6, 2026
CVE-2014-2034
CVE-2014-2034
Description
Unspecified vulnerability in Sonatype Nexus OSS and Pro 2.4.0 through 2.7.1 allows attackers to create arbitrary user accounts via unknown vectors related to "an unauthenticated execution path."
Affected products
19cpe:2.3:a:sonatype:nexus:2.4.0:*:*:*:open_source:*:*:*+ 18 more
- cpe:2.3:a:sonatype:nexus:2.4.0:*:*:*:open_source:*:*:*
- cpe:2.3:a:sonatype:nexus:2.6.4:*:*:*:open_source:*:*:*
- cpe:2.3:a:sonatype:nexus:2.6.4:*:*:*:professional:*:*:*
- cpe:2.3:a:sonatype:nexus:2.6.5:*:*:*:professional:*:*:*
- cpe:2.3:a:sonatype:nexus:2.7.0:*:*:*:open_source:*:*:*
- cpe:2.3:a:sonatype:nexus:2.7.0:*:*:*:professional:*:*:*
- cpe:2.3:a:sonatype:nexus:2.7.1:*:*:*:open_source:*:*:*
- cpe:2.3:a:sonatype:nexus:2.7.1:*:*:*:professional:*:*:*
- cpe:2.3:a:sonatype:nexus:2.4.0:*:*:*:professional:*:*:*
- cpe:2.3:a:sonatype:nexus:2.5.0:*:*:*:open_source:*:*:*
- cpe:2.3:a:sonatype:nexus:2.5.0:*:*:*:professional:*:*:*
- cpe:2.3:a:sonatype:nexus:2.6.0:*:*:*:open_source:*:*:*
- cpe:2.3:a:sonatype:nexus:2.6.0:*:*:*:professional:*:*:*
- cpe:2.3:a:sonatype:nexus:2.6.1:*:*:*:open_source:*:*:*
- cpe:2.3:a:sonatype:nexus:2.6.1:*:*:*:professional:*:*:*
- cpe:2.3:a:sonatype:nexus:2.6.2:*:*:*:open_source:*:*:*
- cpe:2.3:a:sonatype:nexus:2.6.2:*:*:*:professional:*:*:*
- cpe:2.3:a:sonatype:nexus:2.6.3:*:*:*:open_source:*:*:*
- cpe:2.3:a:sonatype:nexus:2.6.3:*:*:*:professional:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- secunia.com/advisories/57142nvdVendor Advisory
- www.sonatype.org/advisories/archive/2014-03-03-NexusnvdVendor Advisory
- support.sonatype.com/entries/42374566-CVE-2014-2034-Nexus-Security-Advisory-REST-APInvdVendor Advisory
- www.osvdb.org/104049nvd
- www.securityfocus.com/bid/65956nvd
News mentions
0No linked articles in our index yet.