Vulnerabilities > Sonatype > Nexus Repository Manager > 2.14.19

DATE CVE VULNERABILITY TITLE RISK
2019-07-08 CVE-2019-9630 Incorrect Default Permissions vulnerability in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager before 3.17.0 has a weak default of giving any unauthenticated user read permissions on the repository files and images.
network
low complexity
sonatype CWE-276
7.5
7.5
2019-07-08 CVE-2019-9629 Improper Authentication vulnerability in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials).
network
low complexity
sonatype CWE-287
critical
 9.8
9.8
2018-11-15 CVE-2018-16621 Expression Language Injection vulnerability in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection.
network
low complexity
sonatype CWE-917
7.2
7.2
2018-11-15 CVE-2018-16620 Incorrect Authorization vulnerability in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager before 3.14 has Incorrect Access Control.
network
low complexity
sonatype CWE-863
7.5
7.5
2018-11-15 CVE-2018-16619 Cross-site Scripting vulnerability in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager before 3.14 allows XSS.
network
low complexity
sonatype CWE-79
6.1
6.1