Vulnerabilities > Sonatype > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-04-01 | CVE-2020-10204 | Improper Input Validation vulnerability in Sonatype Nexus: Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution. | 9.0 |
2019-11-01 | CVE-2019-15588 | OS Command Injection vulnerability in Sonatype Nexus Repository Manager: There is an OS Command Injection in Nexus Repository Manager <= 2.14.14 (bypass CVE-2019-5475) that could allow an attacker a Remote Code Execution (RCE). | 9.0 |
2019-10-21 | CVE-2019-16530 | Unrestricted Upload of File with Dangerous Type vulnerability in Sonatype Nexus IQ Server: Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3.19, and IQ Server before 72, has remote code execution. | 9.0 |
2019-09-03 | CVE-2019-5475 | OS Command Injection vulnerability in Sonatype Nexus Repository Manager: The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability. | 9.0 |
2017-12-17 | CVE-2017-17717 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Sonatype Nexus Repository Manager: Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP integration feature. | 10.0 |