Vulnerabilities > Sonatype > Nexus > 2.6.1

DATE CVE VULNERABILITY TITLE RISK
2020-04-01 CVE-2020-10204 Improper Input Validation vulnerability in Sonatype Nexus
Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution.
network
low complexity
sonatype CWE-20
7.2
2020-04-01 CVE-2020-10203 Cross-site Scripting vulnerability in Sonatype Nexus
Sonatype Nexus Repository before 3.21.2 allows XSS.
network
low complexity
sonatype CWE-79
4.8
2020-04-01 CVE-2020-10199 Expression Language Injection vulnerability in Sonatype Nexus
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).
network
low complexity
sonatype CWE-917
8.8
2019-03-21 CVE-2019-7238 Unspecified vulnerability in Sonatype Nexus
Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.
network
low complexity
sonatype
critical
9.8