Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2024-10-23	CVE-2024-5764	Use of Hard-coded Credentials vulnerability in Sonatype Nexus Use of Hard-coded Credentials vulnerability in Sonatype Nexus Repository has been discovered in the code responsible for encrypting any secrets stored in the Nexus Repository configuration database (SMTP or HTTP proxy credentials, user tokens, tokens, among others). network low complexity sonatype CWE-798	6.5
2022-03-30	CVE-2022-27907	Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF. network low complexity sonatype CWE-918	4.3
2022-03-17	CVE-2021-43961	Cross-site Scripting vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection. network low complexity sonatype CWE-79	4.3
2021-11-04	CVE-2021-43293	Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote authenticated attacker to potentially perform network enumeration via Server Side Request Forgery (SSRF). network low complexity sonatype CWE-918	4.3
2021-11-02	CVE-2021-42568	Unspecified vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers to access the SSL Certificates Loading function via a low-privileged account. network low complexity sonatype	4.3
2021-08-10	CVE-2021-37152	Cross-site Scripting vulnerability in Sonatype Nexus Repository Manager Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 before 3.33.0. network low complexity sonatype CWE-79	5.4
2021-06-18	CVE-2021-34553	Path Traversal vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file (via a GET request) without having been granted access. network low complexity sonatype CWE-22	4.3
2021-04-28	CVE-2021-29159	Cross-site Scripting vulnerability in Sonatype Nexus Repository Manager A cross-site scripting (XSS) vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1. network low complexity sonatype CWE-79	6.1
2021-04-27	CVE-2021-30635	Path Traversal vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote attacker to get a list of files and directories that exist in a UI-related folder via directory traversal (no customer-specific data is exposed). network low complexity sonatype CWE-22	5.3
2021-04-23	CVE-2021-29158	Incorrect Authorization vulnerability in Sonatype Nexus Repository Manager 3 3.25.1 Sonatype Nexus Repository Manager 3 Pro up to and including 3.30.0 has Incorrect Access Control. network low complexity sonatype CWE-863	4.9