Vulnerabilities > Sonatype > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-30 | CVE-2022-27907 | Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF. | 4.0 |
| 2022-03-17 | CVE-2021-43961 | Cross-site Scripting vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection. | 4.3 |
| 2021-11-04 | CVE-2021-43293 | Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote authenticated attacker to potentially perform network enumeration via Server Side Request Forgery (SSRF). | 4.0 |
| 2021-11-02 | CVE-2021-42568 | Information Exposure vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers to access the SSL Certificates Loading function via a low-privileged account. | 4.0 |
| 2021-09-07 | CVE-2021-40143 | Injection vulnerability in Sonatype Nexus Repository Manager 3 Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. | 6.4 |
| 2021-06-18 | CVE-2021-34553 | Path Traversal vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file (via a GET request) without having been granted access. | 4.0 |
| 2021-04-28 | CVE-2021-29159 | Cross-site Scripting vulnerability in Sonatype Nexus Repository Manager A cross-site scripting (XSS) vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1. | 4.3 |
| 2021-04-27 | CVE-2021-30635 | Path Traversal vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote attacker to get a list of files and directories that exist in a UI-related folder via directory traversal (no customer-specific data is exposed). | 5.0 |
| 2021-04-23 | CVE-2021-29158 | Incorrect Authorization vulnerability in Sonatype Nexus Repository Manager 3 3.25.1 Sonatype Nexus Repository Manager 3 Pro up to and including 3.30.0 has Incorrect Access Control. | 4.0 |
| 2020-12-17 | CVE-2020-29436 | XXE vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with admin privileges to configure the system to gain access to content outside of NXRM via an XXE vulnerability. | 5.5 |