Sonatype: >> Nexus Repository Manager >> 3.12.0-01 Security Vulnerabilities
Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials).
CVSS Score
9.8
EPSS Score
0.004
Published
2019-07-08
Sonatype Nexus Repository Manager before 3.17.0 has a weak default of giving any unauthenticated user read permissions on the repository files and images.
CVSS Score
7.5
EPSS Score
0.011
Published
2019-07-08
Sonatype Nexus Repository Manager before 3.14 allows XSS.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-11-15
Sonatype Nexus Repository Manager before 3.14 has Incorrect Access Control.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-11-15
Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection.
CVSS Score
7.2
EPSS Score
0.006
Published
2018-11-15
Page 2