Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nexus repository manager vulnerabilities and exploits
(subscribe to this query)
890
VMScore
CVE-2017-17717
Sonatype Nexus Repository Manager up to and including 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP integration feature.
Sonatype Nexus Repository Manager
805
VMScore
CVE-2020-10199
Sonatype Nexus Repository prior to 3.21.2 allows JavaEL Injection (issue 1 of 2).
Sonatype Nexus
13 Github repositories
802
VMScore
CVE-2019-15588
There is an OS Command Injection in Nexus Repository Manager <= 2.14.14 (bypass CVE-2019-5475) that could allow an attacker a Remote Code Execution (RCE). All instances using CommandLineExecutor.java with user-supplied data is vulnerable, such as the Yum Configuration Capabili...
Sonatype Nexus Repository Manager
2 Github repositories
802
VMScore
CVE-2019-5475
The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability.
Sonatype Nexus Repository Manager
4 Github repositories
801
VMScore
CVE-2019-16530
Sonatype Nexus Repository Manager 2.x prior to 2.14.15 and 3.x prior to 3.19, and IQ Server prior to 72, has remote code execution.
Sonatype Nexus Repository Manager
Sonatype Nexus Iq Server
720
VMScore
CVE-2022-22965
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e....
Vmware Spring Framework
Cisco Cx Cloud Agent
Oracle Sd-wan Edge 9.0
Oracle Retail Xstore Point Of Service 20.0.1
Oracle Communications Cloud Native Core Security Edge Protection Proxy 1.7.0
Oracle Financial Services Analytical Applications Infrastructure 8.1.1
Oracle Sd-wan Edge 9.1
Siemens Siveillance Identity 1.6
Siemens Siveillance Identity 1.5
Siemens Sipass Integrated 2.85
Siemens Sipass Integrated 2.80
Oracle Product Lifecycle Analytics 3.6.1
Oracle Financial Services Enterprise Case Management 8.1.1.0
Oracle Financial Services Enterprise Case Management 8.1.1.1
Oracle Financial Services Behavior Detection Platform 8.1.2.0
Oracle Financial Services Behavior Detection Platform 8.1.1.1
Oracle Financial Services Behavior Detection Platform 8.1.1.0
Oracle Communications Cloud Native Core Console 1.9.0
Oracle Communications Cloud Native Core Policy 1.15.0
Oracle Communications Cloud Native Core Unified Data Repository 1.15.0
Oracle Communications Cloud Native Core Unified Data Repository 22.1.0
Oracle Communications Cloud Native Core Security Edge Protection Proxy 22.1.0
174 Github repositories
7 Articles
694
VMScore
CVE-2020-15012
A Directory Traversal issue exists in Sonatype Nexus Repository Manager 2.x prior to 2.14.19. A user that requests a crafted path can traverse up the file system to get access to content on disk (that the user running nxrm also has access to).
Sonatype Nexus Repository Manager
670
VMScore
CVE-2019-7238
Sonatype Nexus Repository Manager prior to 3.15.0 has Incorrect Access Control.
Sonatype Nexus
9 Github repositories
668
VMScore
CVE-2019-9629
Sonatype Nexus Repository Manager prior to 3.17.0 establishes a default administrator user with weak defaults (fixed credentials).
Sonatype Nexus Repository Manager
605
VMScore
CVE-2020-15871
Sonatype Nexus Repository Manager OSS/Pro version prior to 3.25.1 allows Remote Code Execution.
Sonatype Nexus Repository Manager 3
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
CVE-2012-1823
memory leak
CVE-2024-0627
CVE-2024-31402
privilege escalation
CVE-2024-36418
remote code execution
CVE-2024-27844
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »