Vulnerabilities > Sonatype > Nexus Repository Manager
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-30 | CVE-2022-27907 | Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF. | 4.0 |
| 2022-03-17 | CVE-2021-43961 | Cross-site Scripting vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection. | 4.3 |
| 2021-11-04 | CVE-2021-43293 | Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote authenticated attacker to potentially perform network enumeration via Server Side Request Forgery (SSRF). | 4.0 |
| 2021-11-02 | CVE-2021-42568 | Information Exposure vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers to access the SSL Certificates Loading function via a low-privileged account. | 4.0 |
| 2021-08-10 | CVE-2021-37152 | Cross-site Scripting vulnerability in Sonatype Nexus Repository Manager Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 before 3.33.0. | 3.5 |
| 2021-06-18 | CVE-2021-34553 | Path Traversal vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file (via a GET request) without having been granted access. | 4.0 |
| 2021-04-28 | CVE-2021-29159 | Cross-site Scripting vulnerability in Sonatype Nexus Repository Manager A cross-site scripting (XSS) vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1. | 4.3 |
| 2021-04-27 | CVE-2021-30635 | Path Traversal vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote attacker to get a list of files and directories that exist in a UI-related folder via directory traversal (no customer-specific data is exposed). | 5.0 |
| 2020-12-17 | CVE-2020-29436 | XXE vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with admin privileges to configure the system to gain access to content outside of NXRM via an XXE vulnerability. | 5.5 |
| 2020-10-12 | CVE-2020-15012 | Path Traversal vulnerability in Sonatype Nexus Repository Manager A Directory Traversal issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.19. | 7.8 |