Vulnerabilities > Sonatype > High

DATE CVE VULNERABILITY TITLE RISK
2021-09-07 CVE-2021-40143 Injection vulnerability in Sonatype Nexus Repository Manager 3
Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection.
network
low complexity
sonatype CWE-74
8.2
2020-10-12 CVE-2020-15012 Path Traversal vulnerability in Sonatype Nexus Repository Manager
A Directory Traversal issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.19.
network
low complexity
sonatype CWE-22
8.6
2020-08-12 CVE-2020-15868 Unspecified vulnerability in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager OSS/Pro before 3.26.0 has Incorrect Access Control.
network
low complexity
sonatype
7.5
2020-07-31 CVE-2020-15871 Unspecified vulnerability in Sonatype Nexus Repository Manager 3
Sonatype Nexus Repository Manager OSS/Pro version before 3.25.1 allows Remote Code Execution.
network
low complexity
sonatype
8.8
2020-04-20 CVE-2020-11753 Incorrect Authorization vulnerability in Sonatype Nexus Repository Manager 3 3.21.1/3.22.0
An issue was discovered in Sonatype Nexus Repository Manager in versions 3.21.1 and 3.22.0.
network
low complexity
sonatype CWE-863
8.8
2020-04-02 CVE-2020-11444 Incorrect Default Permissions vulnerability in Sonatype Nexus
Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control.
network
low complexity
sonatype CWE-276
8.8
2020-04-01 CVE-2020-10204 Improper Input Validation vulnerability in Sonatype Nexus
Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution.
network
low complexity
sonatype CWE-20
7.2
2020-04-01 CVE-2020-10199 Expression Language Injection vulnerability in Sonatype Nexus
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).
network
low complexity
sonatype CWE-917
8.8
2019-11-01 CVE-2019-15588 OS Command Injection vulnerability in Sonatype Nexus Repository Manager
There is an OS Command Injection in Nexus Repository Manager <= 2.14.14 (bypass CVE-2019-5475) that could allow an attacker a Remote Code Execution (RCE).
network
low complexity
sonatype CWE-78
7.2
2019-10-21 CVE-2019-16530 Unrestricted Upload of File with Dangerous Type vulnerability in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3.19, and IQ Server before 72, has remote code execution.
network
low complexity
sonatype CWE-434
7.2