CVE-2019-7238 - Unspecified vulnerability in Sonatype Nexus

CVSS 9.8 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Tags: network, low complexity, sonatype, critical, nessus

Summary

Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.

Nessus

NASL family: Misc.
NASL id: SONATYPE_NEXUS_3_15.NASL
description: The Sonatype Nexus Repository Manager server application running on the remote host is version 3.x prior to 3.15.0. It is, therefore, affected by a remote code execution vulnerability due to insufficient access controls. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 127058
published: 2019-07-26
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/127058
title: Sonatype Nexus Repository Manager Missing Access Controls RCE

The Hacker News

id: THN:66694DD5D9C12B2B7881AB6C960E34DC
last seen: 2019-07-25
modified: 2019-07-25
published: 2019-07-25
reporter: The Hacker News
source: https://thehackernews.com/2019/07/linux-malware-windows-bluekeep.html
title: Linux Botnet Adding BlueKeep-Flawed Windows RDP Servers to Its Target List