CVE-2021-40143
https://notcve.org/view.php?id=CVE-2021-40143
Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request, a remote attacker may disclose sensitive information or request external resources from a vulnerable instance. • https://issues.sonatype.org/secure/ReleaseNote.jspa https://support.sonatype.com/hc/en-us/articles/4405941762579 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2021-29158
https://notcve.org/view.php?id=CVE-2021-29158
Sonatype Nexus Repository Manager 3 Pro up to and including 3.30.0 has Incorrect Access Control. • https://support.sonatype.com/hc/en-us/articles/1500006126462 https://support.sonatype.com/hc/en-us/categories/201980768-Welcome-to-the-Sonatype-Support-Knowledge-Base • CWE-863: Incorrect Authorization
CVE-2020-15871
https://notcve.org/view.php?id=CVE-2020-15871
Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow Remote Code Execution. • https://support.sonatype.com https://support.sonatype.com/hc/en-us/articles/360052192693
CVE-2020-15869
https://notcve.org/view.php?id=CVE-2020-15869
Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS (issue 1 of 2). • https://support.sonatype.com https://support.sonatype.com/hc/en-us/articles/360051424554 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-15870
https://notcve.org/view.php?id=CVE-2020-15870
Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS (issue 2 of 2). • https://support.sonatype.com https://support.sonatype.com/hc/en-us/articles/360051424754 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')