Page 3 of 18 results (0.002 seconds)

CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0

Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3.19, and IQ Server before 72, has remote code execution. Sonatype Nexus Repository Manager versiones 2.x anteriores a 2.14.15 y versiones 3.x anteriores a 3.19, y IQ Server versiones anteriores a 72, presenta una ejecución de código remota. • https://issues.sonatype.org/secure/ReleaseNote.jspa https://support.sonatype.com/hc/en-us/articles/360036132453 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Sonatype Nexus Repository Manager before 3.17.0 has a weak default of giving any unauthenticated user read permissions on the repository files and images. Sonatype Nexus Repository Manager anterior a versión 3.17.0, presenta una debilidad por defecto de otorgar a cualquier usuario no identificado permisos de lectura en los archivos e imágenes del repositorio. • https://www.twistlock.com/labs-blog/vulnerabilities-nexus-repository-left-thousands-artifacts-exposed • CWE-276: Incorrect Default Permissions •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials). Sonatype Nexus Repository Manager anterior a versión 3.17.0, establece un usuario administrador por defecto con valores predeterminados débiles (credenciales fijas). • https://www.twistlock.com/labs-blog/vulnerabilities-nexus-repository-left-thousands-artifacts-exposed • CWE-287: Improper Authentication •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Sonatype Nexus Repository Manager before 3.14 allows XSS. Sonatype Nexus Repository Manager en versiones anteriores a la 3.14 permite Cross-Site Scripting (XSS). • https://support.sonatype.com/hc/en-us/articles/360010789893-CVE-2018-16619-Nexus-Repository-Manager-XSS-October-17-2018 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1

Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection. Sonatype Nexus Repository Manager en versiones anteriores a la 3.14 permite la inyección de lenguaje de expresiones Java. • https://securitylab.github.com/advisories/GHSL-2020-015-nxrm-sonatype https://support.sonatype.com/hc/en-us/articles/360010789153-CVE-2018-16621-Nexus-Repository-Manager-Java-Injection-October-17-2018 • CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •