nexus_repository_manager vulnerabilities and exploits

7.5
CVSSv2
CVE-2019-9629

Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials)....

3.5
CVSSv2
CVE-2019-14469

In Nexus Repository Manager before 3.18.0, users with elevated privileges can create stored XSS....

9
CVSSv2
CVE-2019-15588

There is an OS Command Injection in Nexus Repository Manager <= 2.14.14 (bypass CVE-2019-5475) that could allow an attacker a Remote Code Execution (RCE). All instances using CommandLineExecutor.java with user-supplied data are vulnerable, such as the Yum Configuration...

9
CVSSv2
CVE-2019-5475

The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability....

10
CVSSv2
CVE-2017-17717

Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP integration feature....

5
CVSSv2
CVE-2019-9630

Sonatype Nexus Repository Manager before 3.17.0 has a weak default of giving any unauthenticated user read permissions on the repository files and images....

5
CVSSv2
CVE-2018-16620

Sonatype Nexus Repository Manager before 3.14 has Incorrect Access Control....

6.5
CVSSv2
CVE-2019-15893

Sonatype Nexus Repository Manager 2.x before 2.14.15 allows Remote Code Execution....

9
CVSSv2
CVE-2019-16530

Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3.19, and IQ Server before 72, has remote code execution....