Vulnerabilities > Sonatype > Nexus Repository Manager > 3.30.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-30 | CVE-2022-27907 | Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF. | 4.3 |
2022-03-17 | CVE-2021-43961 | Cross-site Scripting vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection. | 4.3 |
2021-11-04 | CVE-2021-43293 | Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote authenticated attacker to potentially perform network enumeration via Server Side Request Forgery (SSRF). | 4.3 |
2021-11-02 | CVE-2021-42568 | Unspecified vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers to access the SSL Certificates Loading function via a low-privileged account. | 4.3 |
2021-08-10 | CVE-2021-37152 | Cross-site Scripting vulnerability in Sonatype Nexus Repository Manager Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 before 3.33.0. | 5.4 |
2021-06-18 | CVE-2021-34553 | Path Traversal vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file (via a GET request) without having been granted access. | 4.3 |