Vulnerability Details CVE-2019-7238
Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.944
EPSS Ranking 100.0%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Proposed Action
Sonatype Nexus Repository Manager before 3.15.0 has an incorrect access control vulnerability. Exploitation allows for remote code execution.
Ransomware Campaign
Unknown
References
- https://support.sonatype.com/hc/en-us/articles/360017310793-CVE-2019-7238-Nexus-Repository-Manager-3-Missing-Access-Controls-and-Remote-Code-Execution-February-5th-2019
- https://support.sonatype.com/hc/en-us/articles/360017310793-CVE-2019-7238-Nexus-Repository-Manager-3-Missing-Access-Controls-and-Remote-Code-Execution-February-5th-2019
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-7238
Products affected by CVE-2019-7238
-
cpe:2.3:a:sonatype:nexus_repository_manager:3.0.0
-
cpe:2.3:a:sonatype:nexus_repository_manager:3.0.1
-
cpe:2.3:a:sonatype:nexus_repository_manager:3.0.2
-
cpe:2.3:a:sonatype:nexus_repository_manager:3.1.0
-
cpe:2.3:a:sonatype:nexus_repository_manager:3.10.0
-
cpe:2.3:a:sonatype:nexus_repository_manager:3.10.0-04
-
cpe:2.3:a:sonatype:nexus_repository_manager:3.11.0
-
cpe:2.3:a:sonatype:nexus_repository_manager:3.11.0-01
-
cpe:2.3:a:sonatype:nexus_repository_manager:3.12.0
-
cpe:2.3:a:sonatype:nexus_repository_manager:3.12.0-01
-
cpe:2.3:a:sonatype:nexus_repository_manager:3.12.1
-
cpe:2.3:a:sonatype:nexus_repository_manager:3.12.1-01
-
cpe:2.3:a:sonatype:nexus_repository_manager:3.13.0
-
cpe:2.3:a:sonatype:nexus_repository_manager:3.13.0-01
-
cpe:2.3:a:sonatype:nexus_repository_manager:3.14.0
-
cpe:2.3:a:sonatype:nexus_repository_manager:3.14.0-04
-
cpe:2.3:a:sonatype:nexus_repository_manager:3.2.0
-
cpe:2.3:a:sonatype:nexus_repository_manager:3.2.1
-
cpe:2.3:a:sonatype:nexus_repository_manager:3.3.0
-
cpe:2.3:a:sonatype:nexus_repository_manager:3.3.0-01
-
cpe:2.3:a:sonatype:nexus_repository_manager:3.3.1
-
cpe:2.3:a:sonatype:nexus_repository_manager:3.3.1-01
-
cpe:2.3:a:sonatype:nexus_repository_manager:3.3.2
-
cpe:2.3:a:sonatype:nexus_repository_manager:3.4.0
-
cpe:2.3:a:sonatype:nexus_repository_manager:3.4.0-02
-
cpe:2.3:a:sonatype:nexus_repository_manager:3.5.0
-
cpe:2.3:a:sonatype:nexus_repository_manager:3.5.0-02
-
cpe:2.3:a:sonatype:nexus_repository_manager:3.5.1
-
cpe:2.3:a:sonatype:nexus_repository_manager:3.5.2
-
cpe:2.3:a:sonatype:nexus_repository_manager:3.5.2-01
-
cpe:2.3:a:sonatype:nexus_repository_manager:3.6.0
-
cpe:2.3:a:sonatype:nexus_repository_manager:3.6.0-02
-
cpe:2.3:a:sonatype:nexus_repository_manager:3.6.1
-
cpe:2.3:a:sonatype:nexus_repository_manager:3.6.1-02
-
cpe:2.3:a:sonatype:nexus_repository_manager:3.6.2
-
cpe:2.3:a:sonatype:nexus_repository_manager:3.6.2-01
-
cpe:2.3:a:sonatype:nexus_repository_manager:3.7.0
-
cpe:2.3:a:sonatype:nexus_repository_manager:3.7.0-04
-
cpe:2.3:a:sonatype:nexus_repository_manager:3.7.1
-
cpe:2.3:a:sonatype:nexus_repository_manager:3.7.1-02
-
cpe:2.3:a:sonatype:nexus_repository_manager:3.8.0
-
cpe:2.3:a:sonatype:nexus_repository_manager:3.8.0-02
-
cpe:2.3:a:sonatype:nexus_repository_manager:3.9.0
-
cpe:2.3:a:sonatype:nexus_repository_manager:3.9.0-01