CVE-2022-27907
https://notcve.org/view.php?id=CVE-2022-27907
Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF. • https://sonatype.com https://support.sonatype.com/hc/en-us/articles/5011047953555 • CWE-918: Server-Side Request Forgery (SSRF)
CVE-2021-43961
https://notcve.org/view.php?id=CVE-2021-43961
Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection. • https://issues.sonatype.org/secure/ReleaseNote.jspa https://support.sonatype.com/hc/en-us/articles/4412183372307 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-43293
https://notcve.org/view.php?id=CVE-2021-43293
Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote authenticated attacker to potentially perform network enumeration via Server Side Request Forgery (SSRF). • https://support.sonatype.com/hc/en-us/articles/4409326330003 • CWE-918: Server-Side Request Forgery (SSRF)
CVE-2021-42568
https://notcve.org/view.php?id=CVE-2021-42568
Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers to access the SSL Certificates Loading function via a low-privileged account. • https://support.sonatype.com https://support.sonatype.com/hc/en-us/articles/4408801690515-CVE-2021-42568-Nexus-Repository-Manager-3-Incorrect-Access-Control-October-27-2021
CVE-2021-40143
https://notcve.org/view.php?id=CVE-2021-40143
Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request, a remote attacker may disclose sensitive information or request external resources from a vulnerable instance. • https://issues.sonatype.org/secure/ReleaseNote.jspa https://support.sonatype.com/hc/en-us/articles/4405941762579 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')