Vulnerabilities > CVE-2019-7238 - Unspecified vulnerability in Sonatype Nexus

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

critical

nessus

NVD

Published: 2019-03-21

Updated: 2020-08-24

Summary

Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.

Part	Description	Count
Application	Sonatype Sonatype Nexus - Sonatype Nexus 2.0.4 Sonatype Nexus 2.0.5 Sonatype Nexus 2.0.6 Sonatype Nexus 2.1 Sonatype Nexus 2.1.1 Sonatype Nexus 2.2 Sonatype Nexus 2.3.1 Sonatype Nexus 2.4.0 Sonatype Nexus 2.5.0 Sonatype Nexus 2.5.1 Sonatype Nexus 2.6.0 Sonatype Nexus 2.6.1 Sonatype Nexus 2.6.2 Sonatype Nexus 2.6.3 Sonatype Nexus 2.6.4 Sonatype Nexus 2.6.5 Sonatype Nexus 2.7.0 Sonatype Nexus 2.7.1 Sonatype Nexus 2.11.0 Sonatype Nexus 3.0.0	43

NASL family	Misc.
NASL id	SONATYPE_NEXUS_3_15.NASL
description	The Sonatype Nexus Repository Manager server application running on the remote host is version 3.x prior to 3.15.0. It is, therefore, affected by a remote code execution vulnerability due to insufficient access controls. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands.
last seen	2020-06-01
modified	2020-06-02
plugin id	127058
published	2019-07-26
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/127058
title	Sonatype Nexus Repository Manager Missing Access Controls RCE

id	THN:66694DD5D9C12B2B7881AB6C960E34DC
last seen	2019-07-25
modified	2019-07-25
published	2019-07-25
reporter	The Hacker News
source	https://thehackernews.com/2019/07/linux-malware-windows-bluekeep.html
title	Linux Botnet Adding BlueKeep-Flawed Windows RDP Servers to Its Target List