Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sonatype vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2022-27907
Sonatype Nexus Repository Manager 3.x prior to 3.38.0 allows SSRF.
Sonatype Nexus Repository Manager
4.3
CVSSv3
CVE-2021-43293
Sonatype Nexus Repository Manager 3.x prior to 3.36.0 allows a remote authenticated malicious user to potentially perform network enumeration via Server Side Request Forgery (SSRF).
Sonatype Nexus Repository Manager
6.1
CVSSv3
CVE-2019-11629
Sonatype Nexus Repository Manager 2.x prior to 2.14.13 allows XSS.
Sonatype Nexus Repository Manager
4.3
CVSSv3
CVE-2021-43961
Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection.
Sonatype Nexus Repository Manager
7.2
CVSSv3
CVE-2019-15588
There is an OS Command Injection in Nexus Repository Manager <= 2.14.14 (bypass CVE-2019-5475) that could allow an attacker a Remote Code Execution (RCE). All instances using CommandLineExecutor.java with user-supplied data is vulnerable, such as the Yum Configuration Capabili...
Sonatype Nexus Repository Manager
2 Github repositories
8.2
CVSSv3
CVE-2021-40143
Sonatype Nexus Repository 3.x up to and including 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request, a remote attacker may disclose sensitive information or request external resources from a vulnerable instance.
Sonatype Nexus Repository Manager 3
5.4
CVSSv3
CVE-2020-15869
Sonatype Nexus Repository Manager OSS/Pro versions prior to 3.25.1 allow XSS (issue 1 of 2).
Sonatype Nexus Repository Manager 3
8.8
CVSSv3
CVE-2020-15871
Sonatype Nexus Repository Manager OSS/Pro version prior to 3.25.1 allows Remote Code Execution.
Sonatype Nexus Repository Manager 3
6.1
CVSSv3
CVE-2020-15870
Sonatype Nexus Repository Manager OSS/Pro versions prior to 3.25.1 allow XSS (Issue 2 of 2).
Sonatype Nexus Repository Manager 3
4.9
CVSSv3
CVE-2021-29158
Sonatype Nexus Repository Manager 3 Pro up to and including 3.30.0 has Incorrect Access Control.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
XXE
CVE-2024-34490
SQL injection
CVE-2024-34488
CVE-2024-4507
CVE-2023-7028
CVE-2024-23187
TCP
CVE-2024-4439
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »