Vulnerabilities > Sonatype > Nexus Repository Manager > 2.14.14.01
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-12 | CVE-2020-15012 | Path Traversal vulnerability in Sonatype Nexus Repository Manager A Directory Traversal issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.19. | 7.8 |
| 2020-04-27 | CVE-2020-11415 | Cleartext Storage of Sensitive Information vulnerability in Sonatype Nexus Repository Manager An issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.17 and 3.x before 3.22.1. | 4.0 |
| 2019-10-16 | CVE-2019-15893 | Unspecified vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager 2.x before 2.14.15 allows Remote Code Execution. | 6.5 |
| 2019-07-08 | CVE-2019-9630 | Incorrect Default Permissions vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager before 3.17.0 has a weak default of giving any unauthenticated user read permissions on the repository files and images. | 5.0 |
| 2019-07-08 | CVE-2019-9629 | Improper Authentication vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials). | 7.5 |
| 2018-11-15 | CVE-2018-16621 | Expression Language Injection vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection. | 6.5 |
| 2018-11-15 | CVE-2018-16620 | Incorrect Authorization vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager before 3.14 has Incorrect Access Control. | 5.0 |
| 2018-11-15 | CVE-2018-16619 | Cross-site Scripting vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager before 3.14 allows XSS. | 4.3 |