Vulnerabilities > Sonatype > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-10-12 | CVE-2020-15012 | Path Traversal vulnerability in Sonatype Nexus Repository Manager A Directory Traversal issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.19. | 7.8 |
2020-04-20 | CVE-2020-11753 | Incorrect Authorization vulnerability in Sonatype Nexus Repository Manager 3 3.21.1/3.22.0 An issue was discovered in Sonatype Nexus Repository Manager in versions 3.21.1 and 3.22.0. | 8.8 |
2020-04-01 | CVE-2020-10199 | Expression Language Injection vulnerability in Sonatype Nexus Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2). | 8.8 |
2019-07-08 | CVE-2019-9629 | Improper Authentication vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials). | 7.5 |
2019-03-21 | CVE-2019-7238 | Unspecified vulnerability in Sonatype Nexus Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control. | 7.5 |
2015-01-05 | CVE-2014-9389 | Path Traversal vulnerability in Sonatype Nexus 2.11.0 Directory traversal vulnerability in Sonatype Nexus OSS and Pro before 2.11.1-01 allows remote attackers to read or write to arbitrary files via unspecified vectors. | 7.5 |
2014-04-01 | CVE-2014-2034 | Security Bypass vulnerability in Sonatype Nexus Unspecified vulnerability in Sonatype Nexus OSS and Pro 2.4.0 through 2.7.1 allows attackers to create arbitrary user accounts via unknown vectors related to "an unauthenticated execution path." | 7.5 |
2014-01-17 | CVE-2014-0792 | Code Injection vulnerability in Sonatype Nexus Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers to create arbitrary objects and execute arbitrary code via unspecified vectors related to unmarshalling of unintended Object types. | 7.5 |