Vulnerabilities > Sonatype > Nexus Repository Manager > 2.14.17
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-12 | CVE-2020-15012 | Path Traversal vulnerability in Sonatype Nexus Repository Manager A Directory Traversal issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.19. | 7.8 |
| 2019-07-08 | CVE-2019-9630 | Incorrect Default Permissions vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager before 3.17.0 has a weak default of giving any unauthenticated user read permissions on the repository files and images. | 5.0 |
| 2019-07-08 | CVE-2019-9629 | Improper Authentication vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials). | 7.5 |
| 2018-11-15 | CVE-2018-16621 | Expression Language Injection vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection. | 6.5 |
| 2018-11-15 | CVE-2018-16620 | Incorrect Authorization vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager before 3.14 has Incorrect Access Control. | 5.0 |
| 2018-11-15 | CVE-2018-16619 | Cross-site Scripting vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager before 3.14 allows XSS. | 4.3 |