408 matches found
CVE-2019-15588
There is an OS Command Injection in Nexus Repository Manager <= 2.14.14 (bypass CVE-2019-5475) that could allow an attacker a Remote Code Execution (RCE). All instances using CommandLineExecutor.java with user-supplied data are vulnerable, such as the Yum Configuration Capability...
Command injection
There is an OS Command Injection in Nexus Repository Manager <= 2.14.14 (bypass CVE-2019-5475) that could allow an attacker a Remote Code Execution (RCE). All instances using CommandLineExecutor.java with user-supplied data are vulnerable, such as the Yum Configuration Capability...
CVE-2019-15588
Summary (CVE-2019-15588): Nexus Repository Manager versions up to 2.14.14 are affected by an OS command injection that can lead to remote code execution. The root cause involves untrusted data flowing into CommandLineExecutor.java, notably via the Yum Configuration Capability (createrepo/mergere...
Central Security Project: OS Command Injection in Nexus Repository Manager 2.x -- Bypass for Nexus Repository Manager 2.14.15-01 Command Injection fix
https://support.sonatype.com/hc/en-us/articles/360033490774 An OS command injection vulnerability has been discovered in Nexus Repository Manager requiring immediate action. The vulnerability allows for an attacker with administrative access to nxrm to execute arbitrary commands on the system. We...
CVE-2019-16530
Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3.19, and IQ Server before 72, has remote code execution...
Remote code execution
Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3.19, and IQ Server before 72, has remote code execution...
CVE-2019-16530
CVE-2019-16530 affects Sonatype Nexus Repository Manager (NXRM) 2.x before 2.14.15 and 3.x before 3.19, and IQ Server before 72, enabling remote code execution. Root cause reports indicate an attacker with sufficient privileges can upload a crafted file that executes code on the server. Several c...
Sonatype Nexus Repository Manager Remote Code Execution Vulnerability
Sonatype Nexus Repository Manager (NXRM) is a Maven repository manager from Sonatype USA. A remote code execution vulnerability exists in Sonatype NXRM version 2.x prior to 2.14.15, which can be exploited by an attacker to execute code...
CVE-2019-15893
Sonatype Nexus Repository Manager 2.x before 2.14.15 allows Remote Code Execution...
Remote code execution
Sonatype Nexus Repository Manager 2.x before 2.14.15 allows Remote Code Execution...
CVE-2019-15893
CVE-2019-15893 affects Sonatype Nexus Repository Manager 2.x prior to 2.14.15. A vulnerability exists that, with administrative NXRM access, allows an attacker to create repositories that grant read/execute access to system data outside the intended scope, enabling remote code execution on the se...
Sonatype Nexus Repository Manager CVE-2019-15588 OS Command Injection Vulnerability
Description: Sonatype Nexus Repository Manager is prone to an OS command-injection vulnerability. An attacker may exploit this issue to inject and execute arbitrary commands within the context of the affected application; this may aid in further attacks. Versions prior to Nexus Repository Manager...
Central Security Project: OS Command Injection in Nexus Repository Manager 2.x (bypass CVE-2019-5475)
OS Command Injection in Nexus Repository Manager 2.x (bypass CVE-2019-5475). Maven artifact: groupId: org.sonatype.nexus.plugins, artifactId: nexus-yum-repository-plugin, version: 2.14.14-01. Vulnerability Description: The Nexus Yum Repository Plugin is vulnerable to Remote Code Execution. A...
Central Security Project: Unrestricted File Upload Leading to Remote Code Execution
Description: As an administrator user it is possible to create files and directories in any location on the file system of the server. This can be abused to write files to any sensitive location on the Windows file system because the Nexus process runs with SYSTEM privileges. This can allow an...
Sonatype Nexus Repository Manager Cross-Site Scripting Vulnerability (CNVD-2020-22382)
Sonatype Nexus Repository Manager (NXRM) is a Maven repository manager from Sonatype USA. A cross-site scripting vulnerability exists in Sonatype Nexus Repository Manager. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit th...
CVE-2019-14469
In Nexus Repository Manager before 3.18.0, users with elevated privileges can create stored XSS...