Lucene search
K

17 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 5:38 p.m.5 views

CVE-2020-10199

Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection issue 1 of 2...

9CVSS7.1AI score0.99064EPSS
Exploits10References1
Tenable Nessus
Tenable Nessus
added 2021/11/08 12:0 a.m.483 views

Sonatype Nexus Repository Manager 3.x < 3.21.2 RCE

The Sonatype Nexus Repository Manager server application running on the remote host is version 3.x prior to 3.21.2. It is, therefore, affected by a remote code execution vulnerability, which allows for an attacker with any type of account on NXRM to execute arbitrary code by crafting a malicious...

9CVSS9AI score0.99064EPSS
Exploits10References2
VulnCheck KEV
VulnCheck KEV
added 2021/11/03 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-10199

Sonatype Nexus Repository contains an unspecified vulnerability that allows for remote code execution...

9CVSS7.5AI score0.99064EPSS
Exploits10References1
Packet Storm
Packet Storm
added 2021/01/07 12:0 a.m.564 views

Sonatype Nexus 3.21.1 Remote Code Execution

Exploit Title: Sonatype Nexus 3.21.1 - Remote Code Execution Authenticated Exploit Author: 1F98D Original Author: Alvaro Muñoz Date: 27 May 2020 Vendor Hompage: https://www.sonatype.com/ CVE: CVE-2020-10199 Tested on: Windows 10 x64 References:...

9CVSS8.7AI score0.99064EPSS
Exploits10
Gitee
Gitee
added 2020/05/27 2:46 p.m.5 views

Exploit for Expression Language Injection in Sonatype Nexus

Nexus Repository Manager 3 Vuln 影响版本:= 3.21.2 CVE-2020-10199、CVE-2020-10204、CVE-2020-11444 CVE-2020-10199 远程代码命令执行 回显poc 不回显poc $\A''.getClass.forName'java.lang.Runtime'.getMethods6.invokenull.exec'touch /tmp/cve-2020-10199' 普通用户权限 /service/rest/beta/repositories/go/group 需要管理员权限 1...

9CVSS9.4AI score0.99064EPSS
Exploits12
Check Point Advisories
Check Point Advisories
added 2020/05/24 12:0 a.m.15 views

Sonatype Nexus Repository Manager Remote Code Execution (CVE-2020-10199)

A remote code execution vulnerability exists in Sonatype Nexus Repository Manager. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

9CVSS5.1AI score0.99064EPSS
Exploits10
Exploit DB
Exploit DB
added 2020/04/17 12:0 a.m.502 views

Nexus Repository Manager - Java EL Injection RCE (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nexus Repository Manager Java EL Injection RCE', 'Description' = %q This module exploits a Java Expression Language EL injection in Nexus...

9CVSS8.7AI score0.99064EPSS
Exploits10
GithubExploit
GithubExploit
added 2020/04/16 9:40 a.m.108 views

Exploit for Expression Language Injection in Sonatype Nexus

PoC exploit for CVE-2020-10199, a remote code execution vulnerab...

9CVSS9.4AI score0.99064EPSS
Exploits10
Circl
Circl
added 2020/04/16 12:38 a.m.22 views

CVE-2020-10199

creationtimestamp| type| source ---|---|--- 2020-04-16 00:38:18+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/nexusrepomanagerelinjection.rb 2020-04-17 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/48343 2021-01-06...

9CVSS7.3AI score0.99064EPSS
Exploits10References8
Packet Storm
Packet Storm
added 2020/04/16 12:0 a.m.259 views

Nexus Repository Manager 3.21.1-01 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nexus Repository Manager Java EL Injection RCE', 'Description' = %q This module exploits a Java Expression Language EL injection in Nexus...

9CVSS8.7AI score0.99064EPSS
Exploits10
0day.today
0day.today
added 2020/04/16 12:0 a.m.208 views

Nexus Repository Manager 3.21.1-01 Remote Code Execution Exploit

This Metasploit module exploits a Java Expression Language EL injection in Nexus Repository Manager versions up to and including 3.21.1 to execute code as the Nexus user. Tested against 3.21.1-01. This module requires Metasploit: https://metasploit.com/download Current source:...

9CVSS9AI score0.99064EPSS
Exploits10
Metasploit
Metasploit
added 2020/04/15 8:49 p.m.88 views

Nexus Repository Manager Java EL Injection RCE

This module exploits a Java Expression Language EL injection in Nexus Repository Manager versions up to and including 3.21.1 to execute code as the Nexus user. This is a post-authentication vulnerability, so credentials are required to exploit the bug. Any user regardless of privilege level may b...

8.8CVSS0.4AI score0.99064EPSS
Exploits10
vulnersOsv
vulnersOsv
added 2020/04/14 3:27 p.m.5 views

org.sonatype.nexus.assemblies:nexus-base-feature (>=3.10.0-04 <=3.21.1-01), org.sonatype.nexus.assemblies:nexus-base-template (>=3.10.0-04 <=3.21.1-01) +33 more potentially affected by CVE-2020-10199 via org.sonatype.nexus:nexus-extdirect (>=3.10.0-04 <=3.21.1-01)

org.sonatype.nexus:nexus-extdirect MAVEN version =3.10.0-04, =3.10.0-04, =3.10.0-04, =3.21.0-01, =3.12.0-01, =3.10.0-04, =3.12.0-01, =3.10.0-04, =3.17.0-01, =0.0.1, =0.0.2, =0.0.3, =0.0.4, =0.0.13, =1.0.3 and more Source cves: CVE-2020-10199 Source advisory:...

9CVSS7.2AI score0.99064EPSS
Exploits10
Vulnrichment
Vulnrichment
added 2020/04/01 6:27 p.m.5 views

CVE-2020-10199

Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection issue 1 of 2...

7.1AI score0.99064EPSS
Exploits10References4
Cvelist
Cvelist
added 2020/04/01 6:27 p.m.30 views

CVE-2020-10199

Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection issue 1 of 2...

8.8AI score0.99064EPSS
Exploits10References4
CVE
CVE
added 2020/04/01 6:27 p.m.1341 views

CVE-2020-10199

CVE-2020-10199 is a remote code execution vulnerability in Sonatype Nexus Repository Manager (NXRM) caused by a Java EL injection vulnerability. Affected versions are NXRM prior to 3.21.2 (with references noting exploitable in 3.21.1 and earlier). The underlying issue is a Java EL injection in Ne...

9CVSS8.6AI score0.99064EPSS
In wildExploits10References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2020/04/01 12:0 a.m.40 views

CVE-2020-10199

Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection issue 1 of 2. Recent assessments: wvu-r7 at April 04, 2020 5:05am UTC reported: WIP exploit module: https://github.com/rapid7/metasploit-framework/pull/13195. Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker...

9CVSS8.7AI score0.99064EPSS
In wildExploits10References6
Rows per page
Query Builder