Vulnerabilities > Sonatype > Nexus Repository Manager > 3.15.0

DATE CVE VULNERABILITY TITLE RISK
2019-08-22 CVE-2019-14469 Cross-site Scripting vulnerability in Sonatype Nexus Repository Manager
In Nexus Repository Manager before 3.18.0, users with elevated privileges can create stored XSS.
network
low complexity
sonatype CWE-79
5.4
2019-07-08 CVE-2019-9630 Incorrect Default Permissions vulnerability in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager before 3.17.0 has a weak default of giving any unauthenticated user read permissions on the repository files and images.
network
low complexity
sonatype CWE-276
7.5
2019-07-08 CVE-2019-9629 Improper Authentication vulnerability in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials).
network
low complexity
sonatype CWE-287
critical
9.8