Lucene search
HistoryApr 01, 2014 - 3:25 a.m.
CVE-2014-2034
cve-2014-2034
sonatype nexus
oss
pro
arbitrary user accounts
unauthenticated execution path
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.9 Medium
AI Score
Confidence
Low
0.015 Low
EPSS
Percentile
87.2%
Unspecified vulnerability in Sonatype Nexus OSS and Pro 2.4.0 through 2.7.1 allows attackers to create arbitrary user accounts via unknown vectors related to “an unauthenticated execution path.”
Affected configurations
Node
sonatypenexusMatch2.4.0open_source
ORsonatypenexusMatch2.4.0professional
ORsonatypenexusMatch2.5.0open_source
ORsonatypenexusMatch2.5.0professional
ORsonatypenexusMatch2.6.0open_source
ORsonatypenexusMatch2.6.0professional
ORsonatypenexusMatch2.6.1open_source
ORsonatypenexusMatch2.6.1professional
ORsonatypenexusMatch2.6.2open_source
ORsonatypenexusMatch2.6.2professional
ORsonatypenexusMatch2.6.3open_source
ORsonatypenexusMatch2.6.3professional
ORsonatypenexusMatch2.6.4open_source
ORsonatypenexusMatch2.6.4professional
ORsonatypenexusMatch2.6.5professional
ORsonatypenexusMatch2.7.0open_source
ORsonatypenexusMatch2.7.0professional
ORsonatypenexusMatch2.7.1open_source
ORsonatypenexusMatch2.7.1professional
Related
openvas
openvas
Sonatype Nexus OSS/Pro Security Bypass Vulnerability
2015-01-27 00:00:00
cvelist
cvelist
CVE-2014-2034
2014-04-01 00:00:00
nvd
nvd
CVE-2014-2034
2014-04-01 03:25:11
prion
prion
Path traversal
2014-04-01 03:25:00
seebug
seebug
Sonatype Nexus安全绕过漏洞
2014-03-07 00:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.9 Medium
AI Score
Confidence
Low
0.015 Low
EPSS
Percentile
87.2%
Related for CVE-2014-2034