This Week in Security News: Banking Malware and Phishing Campaigns
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about the banking malware Anubis that has been retooled for use in fresh attack waves. Also, read about a new phishing campaign that...
Sonatype Nexus Repository Manager Weak Password Vulnerability
Sonatype Nexus Repository Manager (NXRM) is a Maven repository manager from Sonatype USA. A security vulnerability exists in Sonatype NXRM versions prior to 3.17.0: the default administrator account credentials are set to admin/admin123, which can be exploited by an attacker to gain...
Sonatype Nexus Repository Manager Information Disclosure Vulnerability
Sonatype Nexus Repository Manager (NXRM) is a Maven repository manager from Sonatype USA. A security vulnerability exists in Sonatype NXRM versions prior to 3.17.0. An attacker can exploit the vulnerability to read files and images in the repository...
CVE-2019-9630
Sonatype Nexus Repository Manager before 3.17.0 has a weak default of giving any unauthenticated user read permissions on the repository files and images...
CVE-2019-9629
Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials)...
Design/Logic Flaw
Sonatype Nexus Repository Manager before 3.17.0 has a weak default of giving any unauthenticated user read permissions on the repository files and images...
VulnCheck KEV: CVE-2019-7238
Sonatype Nexus Repository Manager before 3.15.0 has an incorrect access control vulnerability. Exploitation allows for remote code execution...
CVE-2019-11629
Sonatype Nexus Repository Manager 2.x before 2.14.13 allows XSS...
CVE-2019-11629
CVE-2019-11629 concerns Nexus Repository Manager 2.x prior to 2.14.13, where a cross-site scripting (XSS) vulnerability exists in the web application. The description in the provided documents states that the vulnerability allows XSS but does not detail specific affected components beyond the product...
Sonatype Nexus Repository Manager Cross-Site Scripting Vulnerability (CNVD-2019-13256)
Sonatype Nexus Repository Manager (NXRM) is a Maven repository manager from Sonatype USA. A cross-site scripting vulnerability exists in Sonatype NXRM, which stems from a web application that fails to properly validate client-side data and can be exploited by an attacker to execute client-side code...
TomTom: Anonymous user login to Nexus Repository Manager
Hello, by default the Nexus Repository Manager has two login users: one is admin and the other is anonymous. The default password for the user "admin" is admin123. The default password for the user "anonymous" is anonymous. On your Nexus Repository Manager the password for the user admin has been...
Insecure Access Controls
Sonatype Nexus Repository Manager uses insecure access controls. An unauthenticated user can craft requests in a way that can allow execution of arbitrary code and programs on the host system...
CVE-2019-7238
Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control...
Improper access control
Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control...
New Nexus Repository Manager 3 vulnerability has been used to spread a mining Trojan; users are advised to fix it as soon as possible - vulnerability warning - the black bar safety net
Recently, Ali Cloud security monitoring detected the watchbog mining Trojan using the newly disclosed Nexus Repository Manager 3 remote code execution vulnerability (CVE-2019-7238) for attacks and mining. It is worth noting that this attack Start Time 2 on 24th and 2 on 5 May above products, the...
Sonatype Nexus Repository Manager Java Code Execution Vulnerability
Sonatype Nexus Repository Manager, aka NXRM, is a Maven repository manager. A security vulnerability exists in Sonatype NXRM versions prior to 3.14. An attacker can exploit the vulnerability to execute code on the server...
Sonatype Nexus Repository Manager Improper Access Control Vulnerability
Sonatype Nexus Repository Manager, aka NXRM, is a Maven repository manager. A security vulnerability exists in Sonatype NXRM versions prior to 3.14, which is caused by the program failing to enforce proper access control. The vulnerability can be exploited to gain access to other hosts and open por...