Lucene search

[email protected]CVE-2014-9389

HistoryJan 05, 2015 - 8:59 p.m.

CVE-2014-9389

2015-01-0520:59:09

CWE-22

[email protected]

web.nvd.nist.gov

cve-2014-9389

directory traversal

sonatype nexus oss

sonatype nexus pro

remote attack

file read

file write

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

79.1%

JSON

Directory traversal vulnerability in Sonatype Nexus OSS and Pro before 2.11.1-01 allows remote attackers to read or write to arbitrary files via unspecified vectors.

Affected configurations

NVD

Node

sonatypenexusRange≤2.11.0oss

sonatypenexusRange≤2.11.0pro

CPENameOperatorVersion
sonatype:nexussonatype nexusle2.11.0

CPE	Name	Operator	Version
sonatype:nexus	sonatype nexus	le	2.11.0

References

secunia.com/advisories/61134

www.sonatype.org/advisories/archive/2014-12-23-Nexus/

support.sonatype.com/entries/84705937-CVE-2014-9389-Nexus-Security-Advisory-Directory-Traversal

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

79.1%

JSON

Related for CVE-2014-9389

openvas1 prion1 cvelist1 nvd1