Vulnerabilities
Vulnerable Software
Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3.19, and IQ Server before 72, has remote code execution.
CVSS Score: 7.2
EPSS Score: 0.04
Published: 2019-10-21

In Nexus Repository Manager before 3.18.0, users with elevated privileges can create stored XSS.
CVSS Score: 5.4
EPSS Score: 0.003
Published: 2019-08-22

Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials).
CVSS Score: 9.8
EPSS Score: 0.004
Published: 2019-07-08

Sonatype Nexus Repository Manager before 3.17.0 has a weak default of giving any unauthenticated user read permissions on the repository files and images.
CVSS Score: 7.5
EPSS Score: 0.011
Published: 2019-07-08

CVE-2019-7238
Known exploited
Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.
CVSS Score: 9.8
EPSS Score: 0.944
Published: 2019-03-21

