Sonatype

sonatype

43 CVEs • 4 products

Products (4)

Click to collapse

Toggle

Nexus Repository Manager

nexus_repository_manager

Nexus Repository Manager 3

nexus_repository_manager_3

CVEs (43)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-11444 1Sonatype 1Nexus Nov 21, 2024 Apr 2, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control.
CVE-2020-10204 1Sonatype 1Nexus Nov 21, 2024 Apr 1, 2020 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution.
CVE-2020-10203 1Sonatype 1Nexus Nov 21, 2024 Apr 1, 2020 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 Sonatype Nexus Repository before 3.21.2 allows XSS.
CVE-2020-10199 1Sonatype 1Nexus Nov 7, 2025 Apr 1, 2020 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).
CVE-2019-15588 1Sonatype 1Nexus Repository Manager Nov 21, 2024 Nov 1, 2019 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 There is an OS Command Injection in Nexus Repository Manager <= 2.14.14 (bypass CVE-2019-5475) that could allow an attacker a Remote Code Execution (RCE). All instances using CommandLineExecutor.java with user-supplied d...Show more There is an OS Command Injection in Nexus Repository Manager <= 2.14.14 (bypass CVE-2019-5475) that could allow an attacker a Remote Code Execution (RCE). All instances using CommandLineExecutor.java with user-supplied data is vulnerable, such as the Yum Configuration Capability.Show less
CVE-2019-16530 1Sonatype 2Nexus Iq Server Nexus Repository Manager Nov 21, 2024 Oct 21, 2019 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3.19, and IQ Server before 72, has remote code execution.
CVE-2019-15893 1Sonatype 1Nexus Repository Manager Nov 21, 2024 Oct 16, 2019 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 Sonatype Nexus Repository Manager 2.x before 2.14.15 allows Remote Code Execution.
CVE-2019-5475 1Sonatype 1Nexus Repository Manager Nov 21, 2024 Sep 3, 2019 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability.
CVE-2019-14469 1Sonatype 1Nexus Repository Manager Nov 21, 2024 Aug 22, 2019 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 In Nexus Repository Manager before 3.18.0, users with elevated privileges can create stored XSS.
CVE-2019-9630 1Sonatype 1Nexus Repository Manager Nov 21, 2024 Jul 8, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Sonatype Nexus Repository Manager before 3.17.0 has a weak default of giving any unauthenticated user read permissions on the repository files and images.
CVE-2019-9629 1Sonatype 1Nexus Repository Manager Nov 21, 2024 Jul 8, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials).
CVE-2019-11629 1Sonatype 1Nexus Repository Manager Nov 21, 2024 May 7, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Sonatype Nexus Repository Manager 2.x before 2.14.13 allows XSS.
CVE-2019-7238 1Sonatype 1Nexus Repository Manager Nov 6, 2025 Mar 21, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.
CVE-2018-16621 1Sonatype 1Nexus Repository Manager Nov 21, 2024 Nov 15, 2018 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection.
CVE-2018-16620 1Sonatype 1Nexus Repository Manager Nov 21, 2024 Nov 15, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Sonatype Nexus Repository Manager before 3.14 has Incorrect Access Control.
CVE-2018-16619 1Sonatype 1Nexus Repository Manager Nov 21, 2024 Nov 15, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Sonatype Nexus Repository Manager before 3.14 allows XSS.
CVE-2018-12100 1Sonatype 1Nexus Repository Manager Nov 21, 2024 Jun 11, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 Sonatype Nexus Repository Manager versions 3.x before 3.12.0 has XSS in multiple areas in the Administration UI.
CVE-2018-5307 1Sonatype 1Nexus Repository Manager Nov 21, 2024 Feb 9, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 2.x before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format paramet...Show more Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 2.x before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; (3) the filename in the "File Upload" functionality of the Staging Upload; (4) the username when creating a new user; or (5) the IQ Server URL field in the IQ Server Connection functionality.Show less
CVE-2018-5306 1Sonatype 1Nexus Repository Manager Nov 21, 2024 Feb 9, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 3.x before 3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter...Show more Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 3.x before 3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; (3) the filename in the "File Upload" functionality of the Staging Upload; (4) the username when creating a new user; or (5) the IQ Server URL field in the IQ Server Connection functionality.Show less
CVE-2017-17717 1Sonatype 1Nexus Repository Manager May 13, 2026 Dec 17, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP integration feature.

Previous 123 Next