Vulnerabilities > Sonatype > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-07-08 CVE-2019-9629 Improper Authentication vulnerability in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials).
network
low complexity
sonatype CWE-287
critical
9.8
2019-03-21 CVE-2019-7238 Unspecified vulnerability in Sonatype Nexus
Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.
network
low complexity
sonatype
critical
9.8
2017-12-17 CVE-2017-17717 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP integration feature.
network
low complexity
sonatype CWE-327
critical
9.8