Vulnerabilities > Sonatype > Nexus Repository Manager > 3.12.0

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2019-07-08 | CVE-2019-9630 | Incorrect Default Permissions vulnerability in Sonatype Nexus Repository Manager | Sonatype Nexus Repository Manager before 3.17.0 has a weak default of giving any unauthenticated user read permissions on the repository files and images. | network | low complexity | sonatype | CWE-276 | 5.0 |
| 2019-07-08 | CVE-2019-9629 | Improper Authentication vulnerability in Sonatype Nexus Repository Manager | Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials). | network | low complexity | sonatype | CWE-287 | 7.5 |
| 2018-11-15 | CVE-2018-16621 | Expression Language Injection vulnerability in Sonatype Nexus Repository Manager | Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection. | network | low complexity | sonatype | CWE-917 | 6.5 |
| 2018-11-15 | CVE-2018-16620 | Incorrect Authorization vulnerability in Sonatype Nexus Repository Manager | Sonatype Nexus Repository Manager before 3.14 has Incorrect Access Control. | network | low complexity | sonatype | CWE-863 | 5.0 |
| 2018-11-15 | CVE-2018-16619 | Cross-site Scripting vulnerability in Sonatype Nexus Repository Manager | Sonatype Nexus Repository Manager before 3.14 allows XSS. | network | | sonatype | CWE-79 | 4.3 |