Page 2 of 15 results (0.006 seconds)

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

Sonatype Nexus Repository Manager 2.x before 2.14.15 allows Remote Code Execution. Sonatype Nexus Repository Manager versiones 2.x anteriores a 2.14.15, permite la ejecución de código remota. • https://support.sonatype.com/hc/en-us/articles/360035055794 •

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 4

The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability. El plugin Nexus Yum Repository en la versión 2 es vulnerable a la ejecución remota de código cuando las peticiones que usan CommandLineExecutor.java reciben datos vulnerables como la capacidad de configuración de Yum. • https://github.com/rabbitmask/CVE-2019-5475-EXP https://github.com/jaychouzzk/CVE-2019-5475-Nexus-Repository-Manager- https://github.com/EXP-Docs/CVE-2019-5475 https://hackerone.com/reports/654888 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Sonatype Nexus Repository Manager before 3.17.0 has a weak default of giving any unauthenticated user read permissions on the repository files and images. Sonatype Nexus Repository Manager anterior a versión 3.17.0, presenta una debilidad por defecto de otorgar a cualquier usuario no identificado permisos de lectura en los archivos e imágenes del repositorio. • https://www.twistlock.com/labs-blog/vulnerabilities-nexus-repository-left-thousands-artifacts-exposed • CWE-276: Incorrect Default Permissions •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials). Sonatype Nexus Repository Manager anterior a versión 3.17.0, establece un usuario administrador por defecto con valores predeterminados débiles (credenciales fijas). • https://www.twistlock.com/labs-blog/vulnerabilities-nexus-repository-left-thousands-artifacts-exposed • CWE-287: Improper Authentication •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Sonatype Nexus Repository Manager 2.x before 2.14.13 allows XSS. Sonatype Nexus Repository Manager 2.x anteriores a 2.14.13 permiten Corss-Site Scripting (XSS) • https://support.sonatype.com/hc/en-us/articles/360022528733-CVE-2019-11629-Nexus-Repository-Manager-2-Cross-Site-Scripting-XSS-2019-05-02 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •