Sonatype: Security Vulnerabilities
Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control.
CVSS Score
8.8
EPSS Score
0.359
Published
2020-04-02
CVE-2020-10199
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).
Known exploited
CVSS Score
8.8
EPSS Score
0.944
Published
2020-04-01
Sonatype Nexus Repository before 3.21.2 allows XSS.
CVSS Score
4.8
EPSS Score
0.004
Published
2020-04-01
Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution.
CVSS Score
7.2
EPSS Score
0.541
Published
2020-04-01
There is an OS Command Injection in Nexus Repository Manager <= 2.14.14 (bypass CVE-2019-5475) that could allow an attacker a Remote Code Execution (RCE). All instances using CommandLineExecutor.java with user-supplied data is vulnerable, such as the Yum Configuration Capability.
CVSS Score
7.2
EPSS Score
0.077
Published
2019-11-01
Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3.19, and IQ Server before 72, has remote code execution.
CVSS Score
7.2
EPSS Score
0.04
Published
2019-10-21
Sonatype Nexus Repository Manager 2.x before 2.14.15 allows Remote Code Execution.
CVSS Score
7.2
EPSS Score
0.03
Published
2019-10-16
The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability.
CVSS Score
8.8
EPSS Score
0.563
Published
2019-09-03
In Nexus Repository Manager before 3.18.0, users with elevated privileges can create stored XSS.
CVSS Score
5.4
EPSS Score
0.003
Published
2019-08-22
Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials).
CVSS Score
9.8
EPSS Score
0.004
Published
2019-07-08