Vulnerabilities
Vulnerable Software
A directory traversal issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.19. A user who requests a crafted path can traverse up the file system to access content on disk that the user running nxrm also has access to.
CVSS Score
8.6
EPSS Score
0.008
Published
2020-10-12
An issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.17 and 3.x before 3.22.1. Admin users can retrieve the LDAP server system username/password (as configured in nxrm) in cleartext.
CVSS Score
4.9
EPSS Score
0.003
Published
2020-04-27
Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials).
CVSS Score
9.8
EPSS Score
0.004
Published
2019-07-08
Sonatype Nexus Repository Manager before 3.17.0 has a weak default of giving any unauthenticated user read permissions on the repository files and images.
CVSS Score
7.5
EPSS Score
0.011
Published
2019-07-08
Sonatype Nexus Repository Manager before 3.14 allows XSS.
CVSS Score
6.1
EPSS Score
0.004
Published
2018-11-15
Sonatype Nexus Repository Manager before 3.14 has Incorrect Access Control.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-11-15
Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection.
CVSS Score
7.2
EPSS Score
0.004
Published
2018-11-15

