412 matches found

CVE
added 2020/04/02 5:22 p.m. · 237 views

CVE-2020-11444

CVE-2020-11444 affects Sonatype Nexus Repository Manager 3.x up to 3.21.2, with an Incorrect Access Control flaw that enables unauthorized actions on the server. Red Hat and CNVD entries confirm the issue exists in Nexus 3.x; public exploit references show a workaround: an unauthenticated or mini...

CVSS 8.8 · AI score 8.7 · EPSS 0.08508
Exploits: 2 · References: 2 · Affected Software: 1

Cvelist
added 2020/04/02 5:22 p.m. · 16 views

CVE-2020-11444

Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control...

AI score 8.8 · EPSS 0.08508
Exploits: 2 · References: 2

CNVD
added 2020/04/02 12:0 a.m. · 2 views

Sonatype Nexus Repository Manager Command Execution Vulnerability

Sonatype Nexus Repository Manager NXRM is a Maven repository manager from Sonatype USA. A command execution vulnerability exists in Sonatype Nexus Repository Manager. An attacker can exploit this vulnerability to execute code...

CVSS 9 · AI score 7.4 · EPSS 0.24318
Exploits: 3 · References: 1

CNVD
added 2020/04/02 12:0 a.m. · 4 views

Sonatype Nexus Repository Manager Command Execution Vulnerability (CNVD-2020-28477)

Sonatype Nexus Repository Manager NXRM is a Maven repository manager from Sonatype USA. A command execution vulnerability exists in Sonatype Nexus Repository Manager. An attacker can exploit this vulnerability to execute arbitrary code with the help of a malicious request...

CVSS 9 · AI score 9.7 · EPSS 0.99064
Exploits: 10 · References: 1

NVD
added 2020/04/01 7:15 p.m. · 10 views

CVE-2020-10203

Sonatype Nexus Repository before 3.21.2 allows XSS...

CVSS 4.8 · AI score 5.2 · EPSS 0.00918
Exploits: 0 · References: 1

NVD
added 2020/04/01 7:15 p.m. · 15 views

CVE-2020-10199

Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection issue 1 of 2...

CVSS 9 · AI score 8.9 · EPSS 0.99064
Exploits: 10 · References: 5

OSV
added 2020/04/01 7:15 p.m. · 2 views

CVE-2020-10199

Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection issue 1 of 2...

CVSS 8.8 · AI score 7.3 · EPSS 0.99064
Exploits: 10 · References: 5

NVD
added 2020/04/01 7:15 p.m. · 14 views

CVE-2020-10204

Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution...

CVSS 9 · AI score 7.2 · EPSS 0.24318
Exploits: 3 · References: 1

Prion
added 2020/04/01 7:15 p.m. · 11 views

Cross site scripting

Sonatype Nexus Repository before 3.21.2 allows XSS...

CVSS 3.5 · AI score 5.1 · EPSS 0.00918
Exploits: 0 · References: 1 · Affected Software: 1

Prion
added 2020/04/01 7:15 p.m. · 26 views

Crlf injection

Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection issue 1 of 2...

CVSS 9 · AI score 8.8 · EPSS 0.99064
Exploits: 10 · References: 4 · Affected Software: 1

Vulnrichment
added 2020/04/01 6:27 p.m. · 5 views

CVE-2020-10199

Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection issue 1 of 2...

AI score 7.1 · EPSS 0.99064
Exploits: 10 · References: 4

Cvelist
added 2020/04/01 6:27 p.m. · 29 views

CVE-2020-10199

Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection issue 1 of 2...

AI score 8.8 · EPSS 0.99064
Exploits: 10 · References: 4

CVE
added 2020/04/01 6:27 p.m. · 1338 views

CVE-2020-10199

CVE-2020-10199 is a remote code execution vulnerability in Sonatype Nexus Repository Manager (NXRM) caused by a Java EL injection vulnerability. Affected versions are NXRM prior to 3.21.2 (with references noting exploitable in 3.21.1 and earlier). The underlying issue is a Java EL injection in Ne...

CVSS 9 · AI score 8.6 · EPSS 0.99064
In wild · Exploits: 10 · References: 5 · Affected Software: 1

Cvelist
added 2020/04/01 6:21 p.m. · 16 views

CVE-2020-10204

Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution...

AI score 7.2 · EPSS 0.24318
Exploits: 3 · References: 1

CVE
added 2020/04/01 6:4 p.m. · 81 views

CVE-2020-10203

The provided connected documents confirm CVE-2020-10203 affects Sonatype Nexus Repository prior to version 3.21.2, describing a cross-site scripting (XSS) vulnerability. The materials do not specify the root cause, affected subcomponents, technical details, exploit status, or a remediation/workar...

CVSS 4.8 · AI score 5.1 · EPSS 0.00918
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2020/04/01 6:4 p.m. · 13 views

CVE-2020-10203

Sonatype Nexus Repository before 3.21.2 allows XSS...

AI score 5.1 · EPSS 0.00918
Exploits: 0 · References: 1

ATTACKERKB
added 2020/04/01 12:0 a.m. · 40 views

CVE-2020-10199

Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection issue 1 of 2. Recent assessments: wvu-r7 at April 04, 2020 5:05am UTC reported: WIP exploit module: https://github.com/rapid7/metasploit-framework/pull/13195. Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker...

CVSS 9 · AI score 8.7 · EPSS 0.99064
In wild · Exploits: 10 · References: 6

Positive Technologies
added 2020/04/01 12:0 a.m. · 2 views

PT-2020-6522 · Sonatype · Sonatype Nexus Repository +1

Name of the Vulnerable Software and Affected Versions: Sonatype Nexus Repository versions prior to 3.21.2 Description: The issue is related to incorrect code generation management in the Sonatype Nexus Repository Manager, which can be exploited by a remote attacker to execute arbitrary code by...

CVSS 9 · AI score 8 · EPSS 0.99064
Exploits: 11 · References: 17

ATTACKERKB
added 2020/04/01 12:0 a.m. · 26 views

CVE-2020-10204

Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution. Recent assessments: ericalexanderorg at April 03, 2020 1:18pm UTC reported: Wording on this and eludes to an authenticated RCE, but they consider an anonymous user authenticated. Nexus servers store artifacts that could be...

CVSS 9 · AI score 4.1 · EPSS 0.24318
Exploits: 3 · References: 2

Check Point Advisories
added 2019/11/18 12:0 a.m. · 9 views

Sonatype Nexus Repository Manager 3 Remote Code Execution (CVE-2019-7238)

A remote code execution vulnerability exists in Sonatype Nexus Repository Manager 3. This vulnerability is due to insufficient validation of the parameter in the previewAssets function. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the...

CVSS 7.5 · AI score 4.9 · EPSS 0.76526
Exploits: 4