Vulnerabilities > Sonatype > Nexus > High

DATE CVE VULNERABILITY TITLE RISK
2020-04-02 CVE-2020-11444 Incorrect Default Permissions vulnerability in Sonatype Nexus
Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control.
network
low complexity
sonatype CWE-276
8.8
2020-04-01 CVE-2020-10204 Improper Input Validation vulnerability in Sonatype Nexus
Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution.
network
low complexity
sonatype CWE-20
7.2
2020-04-01 CVE-2020-10199 Expression Language Injection vulnerability in Sonatype Nexus
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).
network
low complexity
sonatype CWE-917
8.8