Vulnerability Details CVE-2019-7238
Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.94
EPSS Ranking 99.9%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Proposed Action
Sonatype Nexus Repository Manager before 3.15.0 has an incorrect access control vulnerability. Exploitation allows for remote code execution.
Ransomware Campaign
Unknown
References
- https://support.sonatype.com/hc/en-us/articles/360017310793-CVE-2019-7238-Nexus-Repository-Manager-3-Missing-Access-Controls-and-Remote-Code-Execution-February-5th-2019
- https://support.sonatype.com/hc/en-us/articles/360017310793-CVE-2019-7238-Nexus-Repository-Manager-3-Missing-Access-Controls-and-Remote-Code-Execution-February-5th-2019
Products affected by CVE-2019-7238
-
cpe:2.3:a:sonatype:nexus:-
-
cpe:2.3:a:sonatype:nexus:2.0.4
-
cpe:2.3:a:sonatype:nexus:2.0.5
-
cpe:2.3:a:sonatype:nexus:2.0.6
-
cpe:2.3:a:sonatype:nexus:2.1
-
cpe:2.3:a:sonatype:nexus:2.1.1
-
cpe:2.3:a:sonatype:nexus:2.11.0
-
cpe:2.3:a:sonatype:nexus:2.2
-
cpe:2.3:a:sonatype:nexus:2.3.1
-
cpe:2.3:a:sonatype:nexus:2.4.0
-
cpe:2.3:a:sonatype:nexus:2.5.0
-
cpe:2.3:a:sonatype:nexus:2.5.1
-
cpe:2.3:a:sonatype:nexus:2.6.0
-
cpe:2.3:a:sonatype:nexus:2.6.1
-
cpe:2.3:a:sonatype:nexus:2.6.2
-
cpe:2.3:a:sonatype:nexus:2.6.3
-
cpe:2.3:a:sonatype:nexus:2.6.4
-
cpe:2.3:a:sonatype:nexus:2.6.5
-
cpe:2.3:a:sonatype:nexus:2.7.0
-
cpe:2.3:a:sonatype:nexus:2.7.1
-
cpe:2.3:a:sonatype:nexus:3.0.0