There is an OS Command Injection in Nexus Repository Manager <= 2.14.14 (bypass CVE-2019-5475) that could allow an attacker a Remote Code Execution (RCE). All instances using CommandLineExecutor.java with user-supplied data is vulnerable, such as the Yum Configuration Capability.
[
{
"product": "Nexus Repository Manager",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "<= 2.14.14"
}
]
}
]