19 results (0.018 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF. Sonatype Nexus Repository Manager versiones 3.x anteriores a 3.38.0 permite un ataque de tipo SSRF • https://sonatype.com https://support.sonatype.com/hc/en-us/articles/5011047953555 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection. Sonatype Nexus Repository Manager versión 3.36.0, permite una inyección de HTML • https://issues.sonatype.org/secure/ReleaseNote.jspa https://support.sonatype.com/hc/en-us/articles/4412183372307 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote authenticated attacker to potentially perform network enumeration via Server Side Request Forgery (SSRF). Sonatype Nexus Repository Manager versiones 3.x anteriores a 3.36.0 permite a un atacante remoto autenticado llevar a cabo potencialmente una enumeración de la red por medio de una vulnerabilidad de tipo Server Side Request Forgery (SSRF) • https://support.sonatype.com/hc/en-us/articles/4409326330003 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers to access the SSL Certificates Loading function via a low-privileged account. Sonatype Nexus Repository Manager versiones 3.x hasta 3.35.0, permite a atacantes acceder a la función SSL Certificates Loading por medio de una cuenta poco privilegiado • https://support.sonatype.com https://support.sonatype.com/hc/en-us/articles/4408801690515-CVE-2021-42568-Nexus-Repository-Manager-3-Incorrect-Access-Control-October-27-2021 •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 before 3.33.0. An authenticated attacker with the ability to add HTML files to a repository could redirect users to Nexus Repository Manager’s pages with code modifications. Se presentan múltiples problemas de tipo XSS en Sonatype Nexus Repository Manager 3 versiones anteriores a 3.33.0. Un atacante autenticado con la capacidad de añadir archivos HTML a un repositorio podría redirigir a usuarios a las páginas de Nexus Repository Manager con modificaciones de código • https://github.com/SecurityAnalysts/CVE-2021-37152 https://support.sonatype.com https://support.sonatype.com/hc/en-us/articles/4404115639827 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •