
CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection. • https://issues.sonatype.org/secure/ReleaseNote.jspa https://support.sonatype.com/hc/en-us/articles/4412183372307 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote authenticated attacker to potentially perform network enumeration via Server Side Request Forgery (SSRF). • https://support.sonatype.com/hc/en-us/articles/4409326330003 • CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers to access the SSL Certificates Loading function via a low-privileged account. • https://support.sonatype.com https://support.sonatype.com/hc/en-us/articles/4408801690515-CVE-2021-42568-Nexus-Repository-Manager-3-Incorrect-Access-Control-October-27-2021

CVSS: 8.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request, a remote attacker may disclose sensitive information or request external resources from a vulnerable instance. • https://issues.sonatype.org/secure/ReleaseNote.jspa https://support.sonatype.com/hc/en-us/articles/4405941762579 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 before 3.33.0. An authenticated attacker with the ability to add HTML files to a repository could redirect users to Nexus Repository Manager’s pages with code modifications. • https://github.com/SecurityAnalysts/CVE-2021-37152 https://support.sonatype.com https://support.sonatype.com/hc/en-us/articles/4404115639827 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')