CVE-2019-11629

CVE-2019-11629 concerns Nexus Repository Manager 2.x prior to 2.14.13, where a cross-site scripting (XSS) vulnerability exists in the web application. Description in the provided documents states that the vulnerability allows XSS but does not detail specific affected components beyond the product...

Sonatype Nexus Repository Manager Cross-Site Scripting Vulnerability (CNVD-2019-13256)

Sonatype Nexus Repository Manager NXRM is a Maven repository manager from Sonatype USA. A cross-site scripting vulnerability exists in Sonatype NXRM, which stems from a WEB application that fails to properly validate client-side data and can be exploited by an attacker to execute client-side code...

TomTom: Anonymous user login to Nexus Repository Manager

Hello, By default the Nexus Repository Manager has two login users one is admin and the other is anonymous. The default password for the user "admin" is admin123 The default password for the user "anonymous" is anonymous On your Nexus Repository Manager the password for the user admin has been...

Insecure Access Controls

Sonatype Nexus Repository Manager is use an insecure access controls. An unauthenticated user can craft requests in a way that can allow execution of arbitrary code and programs on the host system...

CVE-2019-7238

Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control...

Improper access control

Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control...

CVE-2019-7238

CVE-2019-7238 affects Sonatype Nexus Repository Manager 3.x and is due to Incorrect Access Control that can enable remote code execution. Affected: Nexus Repository Manager before 3.15.0 (unauthenticated/or external access could trigger RCE). Documented exploitation exists in public artifacts (e....

Nexus Repository Manager 3 new vulnerability has been used in mining Trojan spread, users are advised to fix as soon as possible-vulnerability warning-the black bar safety net

Recently, Ali cloud security monitoring to watchbog mining Trojan use the new exposure of the Nexus Repository Manager 3 remote code execution vulnerabilityCVE-2019-7238for attack and mining the events. It is worth noting that this attack Start Time 2 on 24th and 2 on 5 May above products, the...

Sonatype Nexus Repository Manager Cross-Site Scripting Vulnerability (CNVD-2019-07005)

Sonatype Nexus Repository Manager aka NXRM is a maven repository manager. A cross-site scripting vulnerability exists in Sonatype NXRM versions prior to 3.14. A remote attacker can exploit this vulnerability to execute arbitrary JavaScript code in a user's browser...

Sonatype Nexus Repository Manager Java Code Execution Vulnerability

Sonatype Nexus Repository Manager aka NXRM is a maven repository manager. A security vulnerability exists in Sonatype NXRM versions prior to 3.14. An attacker can exploit the vulnerability to execute code on the server...

Sonatype Nexus Repository Manager Improper Access Control Vulnerability

Sonatype Nexus Repository Manager aka NXRM is a maven repository manager. A security vulnerability exists in Sonatype NXRM versions prior to 3.14, which is caused by the program failing to enforce proper access control. The vulnerability can be exploited to gain access to other hosts and open por...

CVE-2018-16620

Sonatype Nexus Repository Manager before 3.14 has Incorrect Access Control...

Cross site scripting

Sonatype Nexus Repository Manager before 3.14 allows XSS...

CVE-2018-16621

Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection...

CVE-2018-16619

Sonatype Nexus Repository Manager before 3.14 allows XSS...

CVE-2018-16620

Sonatype Nexus Repository Manager before 3.14 has Incorrect Access Control...

CVE-2018-16619

Sonatype Nexus Repository Manager before 3.14 allows XSS...

Design/Logic Flaw

Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection...

CVE-2018-16621

Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection...

CVE-2018-16620

The CVE-2018-16620 entry concerns Sonatype Nexus Repository Manager prior to 3.14, with Improper/Incorrect Access Control. Multiple connected sources confirm the issue arises from failing to enforce access controls, enabling a misbehavior that could let an attacker reach other hosts or open ports...