Published: 01/11/2019 Updated: 06/11/2019

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2

VMScore: 802

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

There is an OS Command Injection in Nexus Repository Manager <= 2.14.14 (bypass CVE-2019-5475) that could allow an attacker a Remote Code Execution (RCE). All instances using CommandLineExecutor.java with user-supplied data is vulnerable, such as the Yum Configuration Capability.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sonatype nexus repository manager

CVE-2019-5475 靶场： RCE 命令注入漏洞

CVE-2019-5475 CVE-2019-5475 与 CVE-2019-15588 靶场: RCE 命令注入漏洞 0x00 背景 CVE-2019-5475 是 Nexus 关于内置插件 Yum Repository 的 RCE 命令注入漏洞，其最早被披露于 hackerone，但因官方第一次修复不完整，故又衍生出了 CVE-2019-15588 漏洞。这两个漏洞都需要以 admin 身份登录后才可以利用，但是 nexus 默

CVE-2019-15588 靶场： RCE 命令注入漏洞

CVE-2019-15588 CVE-2019-15588 靶场： RCE 命令注入漏洞 Merged into githubcom/lyy289065406/CVE-2019-5475

CWE-78 https://support.sonatype.com/hc/en-us/articles/360033490774-CVE-2019-5475-Nexus-Repository-Manager-2-OS-Command-Injection-2019-08-09 https://hackerone.com/reports/688270 https://nvd.nist.gov https://github.com/lyy289065406/CVE-2019-5475

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-15588

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect