Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution.
ericalexanderorg at 2020-04-03T13:18:21.103807Z reported: Wording on this and eludes to an authenticated RCE, but they consider an anonymous user authenticated. Nexus servers store artifacts that could be altered to pivot elsewhere. This will be a high when POC surfaces, for now I'm going lower. The number of much older versions (that also have vulnerabilities) in shodan suggests many organizations are not keeping up with patching.
Assessed Attacker Value: 3 Assessed Exploitability: 1