Shodan
Vulnerabilities
Vulnerable Software
Sonatype:  Security Vulnerabilities
CVE-2019-9630
Sonatype Nexus Repository Manager before 3.17.0 has a weak default of giving any unauthenticated user read permissions on the repository files and images.
CVSS Score
7.5
EPSS Score
0.011
Published
2019-07-08
CVE-2019-11629
Sonatype Nexus Repository Manager 2.x before 2.14.13 allows XSS.
CVSS Score
6.1
EPSS Score
0.004
Published
2019-05-07
CVE-2019-7238
Known exploited
Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.
CVSS Score
9.8
EPSS Score
0.942
Published
2019-03-21
CVE-2018-16619
Sonatype Nexus Repository Manager before 3.14 allows XSS.
CVSS Score
6.1
EPSS Score
0.004
Published
2018-11-15
CVE-2018-16620
Sonatype Nexus Repository Manager before 3.14 has Incorrect Access Control.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-11-15
CVE-2018-16621
Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection.
CVSS Score
7.2
EPSS Score
0.004
Published
2018-11-15
CVE-2018-12100
Sonatype Nexus Repository Manager versions 3.x before 3.12.0 has XSS in multiple areas in the Administration UI.
CVSS Score
4.8
EPSS Score
0.003
Published
2018-06-11
CVE-2018-5306
Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 3.x before 3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; (3) the filename in the "File Upload" functionality of the Staging Upload; (4) the username when creating a new user; or (5) the IQ Server URL field in the IQ Server Connection functionality.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-02-09
CVE-2018-5307
Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 2.x before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; (3) the filename in the "File Upload" functionality of the Staging Upload; (4) the username when creating a new user; or (5) the IQ Server URL field in the IQ Server Connection functionality.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-02-09
CVE-2017-17717
Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP integration feature.
CVSS Score
9.8
EPSS Score
0.001
Published
2017-12-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved