CVE-2019-7238

Published: 21/03/2019 Updated: 26/03/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Sonatype Nexus Repository Manager prior to 3.15.0 has Incorrect Access Control.

Affected Products

Vendor: Sonatype | Product: Nexus
Versions: 2.0.4, 2.0.5, 2.0.6, 2.1, 2.1.1, 2.2, 2.3.1, 2.4.0, 2.5.0, 2.5.1, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.7.0, 2.7.1, 2.11.0

GitHub Repositories

CVE-2019-7238 Nexus Repository Manager 3 Remote Code Execution without authentication < 3.15.0 found by Rico Tencent Security Yunding Lab and @voidfyoo Detailed analysis (english): chybeta.github.io/2019/02/18/Nexus-Repository-Manager-3-RCE-%E5%88%86%E6%9E%90-%E3%80%90CVE-2019-7238%E3%80%91/ Detailed analysis (not english): xz.aliyun.com/t/4136 https:

CVE-2019-7238 Nexus Repository Manager 3 Remote Code Execution without authentication < 3.15.0