Vulnerabilities > Sonatype > Nexus Repository Manager > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-07-08 CVE-2019-9629 Improper Authentication vulnerability in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials).
network
low complexity
sonatype CWE-287
critical
9.8
2017-12-17 CVE-2017-17717 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP integration feature.
network
low complexity
sonatype CWE-327
critical
9.8