Sonatype vulnerabilities and exploits

7.5
CVSSv2
CVE-2014-9389

Directory traversal vulnerability in Sonatype Nexus OSS and Pro before 2.11.1-01 allows remote attackers to read or write to arbitrary files via unspecified vectors....

7.5
CVSSv2
CVE-2019-7238

Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control....

7.5
CVSSv2
CVE-2014-0792

Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers to create arbitrary objects and execute arbitrary code via unspecified vectors related to unmarshalling of unintended Object types....

7.5
CVSSv2
CVE-2019-9629

Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials)....

3.5
CVSSv2
CVE-2019-14469

In Nexus Repository Manager before 3.18.0, users with elevated privileges can create stored XSS....

9
CVSSv2
CVE-2019-15588

There is an OS Command Injection in Nexus Repository Manager <= 2.14.14 (bypass CVE-2019-5475) that could allow an attacker a Remote Code Execution (RCE). All instances using CommandLineExecutor.java with user-supplied data are vulnerable, such as the Yum Configuration...

10
CVSSv2
CVE-2017-17717

Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP integration feature....

5
CVSSv2
CVE-2019-9630

Sonatype Nexus Repository Manager before 3.17.0 has a weak default of giving any unauthenticated user read permissions on the repository files and images....

5
CVSSv2
CVE-2018-16620

Sonatype Nexus Repository Manager before 3.14 has Incorrect Access Control....

6.5
CVSSv2
CVE-2019-15893

Sonatype Nexus Repository Manager 2.x before 2.14.15 allows Remote Code Execution....