Vendor CVEs
Sonatype
All CVEs
55 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-17717 | | Critical | 0.64 | 9.8 | 0.01 | | Dec 17, 2017 | Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP integration feature. |
| CVE-2026-3199 | | Critical | 0.61 | — | 0.00 | | Apr 8, 2026 | A vulnerability in the task management component of Sonatype Nexus Repository versions 3.22.1 through 3.90.2 allows an authenticated attacker with task creation permissions to execute arbitrary code, bypassing the nexus.scripts.allowCreation security control. |
| CVE-2026-5189 | | Critical | 0.60 | — | 0.00 | | Apr 15, 2026 | CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3.70.5 allows an unauthenticated attacker with network access to gain unauthorized read/write access to the internal database and execute arbitrary OS commands as the Nexus process… |
| CVE-2024-4956 | | High | 0.59 | 7.5 | 0.18 | | May 16, 2024 | Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1. |
| CVE-2026-3329 | | High | 0.57 | — | 0.01 | | Jun 11, 2026 | A remote unauthenticated attacker may be able to conduct credential-guessing attacks against user accounts in Sonatype Nexus Repository via authentication endpoints. |
| CVE-2025-9868 | | High | 0.57 | — | 0.00 | | Oct 8, 2025 | Server-Side Request Forgery (SSRF) in the Remote Browser Plugin in Sonatype Nexus Repository 2.x up to and including 2.15.2 allows unauthenticated remote attackers to exfiltrate proxy repository credentials via crafted HTTP requests. |
| CVE-2026-10748 | | High | 0.56 | — | 0.00 | | Jun 16, 2026 | An authenticated user with the nx-licensing-create privilege can upload a specially crafted license file to execute arbitrary operating system commands as the Nexus process user in Sonatype Nexus Repository 3 versions before 3.92.0. |
| CVE-2014-9885 | | High | 0.51 | 7.8 | 0.00 | | Aug 6, 2016 | Format string vulnerability in drivers/thermal/qpnp-adc-tm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application that provides format string specifiers in a name, aka Android internal bug… |
| CVE-2014-9877 | | High | 0.51 | 7.8 | 0.00 | | Aug 6, 2016 | drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices mishandles a user-space pointer, which allows attackers to gain privileges via a crafted application, aka Android internal… |
| CVE-2024-5082 | | High | 0.47 | — | 0.02 | | Nov 14, 2024 | A Remote Code Execution vulnerability has been discovered in Sonatype Nexus Repository 2. This issue affects Nexus Repository 2 OSS/Pro versions up to and including 2.15.1. |
| CVE-2026-0600 | | Medium | 0.40 | — | 0.00 | | Jan 14, 2026 | Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository 3 versions 3.0.0 and later allows authenticated administrators to configure proxy repositories with URLs that can access unintended network destinations, potentially including cloud metadata services… |
| CVE-2018-5307 | | Medium | 0.40 | 6.1 | 0.01 | | Feb 9, 2018 | Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 2.x before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../i… |
| CVE-2018-5306 | | Medium | 0.40 | 6.1 | 0.01 | | Feb 9, 2018 | Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 3.x before 3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../inde… |
| CVE-2024-1142 | | Medium | 0.35 | 5.4 | 0.01 | | Mar 21, 2024 | Path Traversal in Sonatype IQ Server from version 143 allows remote authenticated attackers to overwrite or delete files via a specially crafted request. Version 171 fixes this issue. |
| CVE-2026-7308 | | Medium | 0.33 | — | 0.00 | | May 11, 2026 | An authenticated user with upload permission to a hosted repository can store content that causes arbitrary JavaScript to execute in the browser of any user who browses that repository directory via the HTML index page in Sonatype Nexus Repository versions 3.6.0 through versions… |
| CVE-2026-3048 | | Medium | 0.33 | — | 0.00 | | May 11, 2026 | An authenticated administrator who configures or tests LDAP connectivity in Sonatype Nexus Repository Manager versions 3.0.0 through 3.91.1 may be able to initiate unintended server-side connections when interacting with a malicious LDAP server. |
| CVE-2026-3438 | | Medium | 0.33 | — | 0.00 | | Apr 8, 2026 | A reflected cross-site scripting vulnerability exists in Sonatype Nexus Repository versions 3.0.0 through 3.90.2 that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted URL. Exploitation requires user… |
| CVE-2026-0601 | | Medium | 0.33 | — | 0.00 | | Jan 14, 2026 | A reflected cross-site scripting vulnerability exists in Nexus Repository 3 that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted request requiring user interaction. |
| CVE-2024-5083 | | Medium | 0.33 | — | 0.00 | | Nov 14, 2024 | A stored Cross-site Scripting vulnerability has been discovered in Sonatype Nexus Repository 2. This issue affects Nexus Repository 2 OSS/Pro versions up to and including 2.15.1. |
| CVE-2018-12100 | | Medium | 0.31 | 4.8 | 0.01 | | Jun 11, 2018 | Sonatype Nexus Repository Manager versions 3.x before 3.12.0 have XSS in multiple areas in the Administration UI. |
| CVE-2019-7238 | | | 0.13 | — | 0.77 | KEV | Mar 21, 2019 | Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control. |
| CVE-2020-11444 | | | 0.05 | — | 0.09 | | Apr 2, 2020 | Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control. |
| CVE-2019-15588 | | | 0.01 | — | 0.06 | | Nov 1, 2019 | There is an OS Command Injection in Nexus Repository Manager <= 2.14.14 (bypass CVE-2019-5475) that could allow an attacker a Remote Code Execution (RCE). All instances using CommandLineExecutor.java with user-supplied data are vulnerable, such as the Yum Configuration Capability. |
| CVE-2026-10741 | | | 0.00 | — | 0.00 | | Jun 17, 2026 | Sonatype Nexus Repository Manager before 3.93.0 contains an authorization vulnerability in the proxy repository configuration that allows a delegated repository administrator to disclose stored upstream proxy credentials. |
| CVE-2024-5764 | | | 0.00 | — | 0.00 | | Oct 23, 2024 | Use of Hard-coded Credentials vulnerability in Sonatype Nexus Repository has been discovered in the code responsible for encrypting any secrets stored in the Nexus Repository configuration database (SMTP or HTTP proxy credentials, user tokens, tokens, among others). The affected… |
| CVE-2022-27907 | | | 0.00 | — | 0.01 | | Mar 30, 2022 | Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF. |
| CVE-2021-43961 | | | 0.00 | — | 0.01 | | Mar 17, 2022 | Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection. |
| CVE-2021-43293 | | | 0.00 | — | 0.01 | | Nov 4, 2021 | Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote authenticated attacker to potentially perform network enumeration via Server Side Request Forgery (SSRF). |
| CVE-2021-42568 | | | 0.00 | — | 0.00 | | Nov 2, 2021 | Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers to access the SSL Certificates Loading function via a low-privileged account. |
| CVE-2021-37152 | | | 0.00 | — | 0.24 | | Aug 10, 2021 | Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 before 3.33.0. An authenticated attacker with the ability to add HTML files to a repository could redirect users to Nexus Repository Manager’s pages with code modifications. |
| CVE-2021-37163 | | | 0.00 | — | 0.01 | | Aug 2, 2021 | An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus operated by released versions of software before Nexus Software 7.2.5.7. The device has two user accounts with passwords that are hardcoded. |
| CVE-2021-34553 | | | 0.00 | — | 0.04 | | Jun 17, 2021 | Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file (via a GET request) without having been granted access. |
| CVE-2021-29159 | | | 0.00 | — | 0.01 | | Apr 28, 2021 | A cross-site scripting (XSS) vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1. An attacker with a local account can create entities with crafted properties that, when viewed by an administrator, can execute arbitrary JavaScript in the context of… |
| CVE-2021-30635 | | | 0.00 | — | 0.02 | | Apr 27, 2021 | Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote attacker to get a list of files and directories that exist in a UI-related folder via directory traversal (no customer-specific data is exposed). |
| CVE-2021-29158 | | | 0.00 | — | 0.01 | | Apr 23, 2021 | Sonatype Nexus Repository Manager 3 Pro up to and including 3.30.0 has Incorrect Access Control. |
| CVE-2020-29436 | | | 0.00 | — | 0.01 | | Dec 17, 2020 | Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with admin privileges to configure the system to gain access to content outside of NXRM via an XXE vulnerability. Fixed in version 3.29.0. |
| CVE-2020-15012 | | | 0.00 | — | 0.03 | | Oct 12, 2020 | A Directory Traversal issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.19. A user that requests a crafted path can traverse up the file system to get access to content on disk (that the user running nxrm also has access to). |
| CVE-2020-24622 | | | 0.00 | — | 0.01 | | Aug 25, 2020 | In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed by an admin user. |
| CVE-2020-15868 | | | 0.00 | — | 0.01 | | Aug 12, 2020 | Sonatype Nexus Repository Manager OSS/Pro before 3.26.0 has Incorrect Access Control. |
| CVE-2020-15871 | | | 0.00 | — | 0.02 | | Jul 31, 2020 | Sonatype Nexus Repository Manager OSS/Pro version before 3.25.1 allows Remote Code Execution. |
| CVE-2020-15869 | | | 0.00 | — | 0.01 | | Jul 31, 2020 | Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS (issue 1 of 2). |
| CVE-2020-15870 | | | 0.00 | — | 0.01 | | Jul 31, 2020 | Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS (Issue 2 of 2). |
| CVE-2020-11415 | | | 0.00 | — | 0.01 | | Apr 27, 2020 | An issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.17 and 3.x before 3.22.1. Admin users can retrieve the LDAP server system username/password (as configured in nxrm) in cleartext. |
| CVE-2020-11753 | | | 0.00 | — | 0.02 | | Apr 20, 2020 | An issue was discovered in Sonatype Nexus Repository Manager in versions 3.21.1 and 3.22.0. It is possible for a user with appropriate privileges to create, modify, and execute scripting tasks without use of the UI or API. NOTE: in 3.22.0, scripting is disabled by default… |
| CVE-2019-15893 | | | 0.00 | — | 0.02 | | Oct 16, 2019 | Sonatype Nexus Repository Manager 2.x before 2.14.15 allows Remote Code Execution. |
| CVE-2019-14469 | | | 0.00 | — | 0.01 | | Aug 22, 2019 | In Nexus Repository Manager before 3.18.0, users with elevated privileges can create stored XSS. |
| CVE-2019-9630 | | | 0.00 | — | 0.01 | | Jul 8, 2019 | Sonatype Nexus Repository Manager before 3.17.0 has a weak default of giving any unauthenticated user read permissions on the repository files and images. |
| CVE-2019-9629 | | | 0.00 | — | 0.01 | | Jul 8, 2019 | Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials). |
| CVE-2019-11629 | | | 0.00 | — | 0.01 | | May 7, 2019 | Sonatype Nexus Repository Manager 2.x before 2.14.13 allows XSS. |
| CVE-2018-16621 | | | 0.00 | — | 0.02 | | Nov 15, 2018 | Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection. |

Page 1 of 2