CVE-2019-16530
https://notcve.org/view.php?id=CVE-2019-16530
Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3.19, and IQ Server before 72, has remote code execution. Sonatype Nexus Repository Manager versiones 2.x anteriores a 2.14.15 y versiones 3.x anteriores a 3.19, y IQ Server versiones anteriores a 72, presenta una ejecución de código remota. • https://issues.sonatype.org/secure/ReleaseNote.jspa https://support.sonatype.com/hc/en-us/articles/360036132453 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2019-14469
https://notcve.org/view.php?id=CVE-2019-14469
In Nexus Repository Manager before 3.18.0, users with elevated privileges can create stored XSS. En Nexus Repository Manager versiones anteriores a 3.18.0, los usuarios con privilegios elevados pueden crear un ataque de tipo XSS almacenado. • https://support.sonatype.com/hc/en-us/articles/360033999733-CVE-2019-14469-Nexus-Repository-Manager-3-Cross-Site-Scripting-XSS-2019-07-26 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-9630
https://notcve.org/view.php?id=CVE-2019-9630
Sonatype Nexus Repository Manager before 3.17.0 has a weak default of giving any unauthenticated user read permissions on the repository files and images. Sonatype Nexus Repository Manager anterior a versión 3.17.0, presenta una debilidad por defecto de otorgar a cualquier usuario no identificado permisos de lectura en los archivos e imágenes del repositorio. • https://www.twistlock.com/labs-blog/vulnerabilities-nexus-repository-left-thousands-artifacts-exposed • CWE-276: Incorrect Default Permissions •
CVE-2019-9629
https://notcve.org/view.php?id=CVE-2019-9629
Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials). Sonatype Nexus Repository Manager anterior a versión 3.17.0, establece un usuario administrador por defecto con valores predeterminados débiles (credenciales fijas). • https://www.twistlock.com/labs-blog/vulnerabilities-nexus-repository-left-thousands-artifacts-exposed • CWE-287: Improper Authentication •
CVE-2018-16619
https://notcve.org/view.php?id=CVE-2018-16619
Sonatype Nexus Repository Manager before 3.14 allows XSS. Sonatype Nexus Repository Manager en versiones anteriores a la 3.14 permite Cross-Site Scripting (XSS). • https://support.sonatype.com/hc/en-us/articles/360010789893-CVE-2018-16619-Nexus-Repository-Manager-XSS-October-17-2018 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •