6 results (0.010 seconds)

CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0

Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request, a remote attacker may disclose sensitive information or request external resources from a vulnerable instance. Sonatype Nexus Repository versiones 3.x hasta 3.33.1-01, es vulnerable a una inyección de encabezado HTTP. mediante el envío de una petición HTTP diseñada, un atacante remoto puede divulgar información confidencial o solicitar recursos externos desde una instancia vulnerable • https://issues.sonatype.org/secure/ReleaseNote.jspa https://support.sonatype.com/hc/en-us/articles/4405941762579 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0

Sonatype Nexus Repository Manager 3 Pro up to and including 3.30.0 has Incorrect Access Control. Sonatype Nexus Repository Manager 3 Pro versiones hasta 3.30.0 incluyéndola, presenta un Control de Acceso Incorrecto • https://support.sonatype.com/hc/en-us/articles/1500006126462 https://support.sonatype.com/hc/en-us/categories/201980768-Welcome-to-the-Sonatype-Support-Knowledge-Base • CWE-863: Incorrect Authorization •

CVSS: 8.8EPSS: 3%CPEs: 2EXPL: 0

Sonatype Nexus Repository Manager OSS/Pro version before 3.25.1 allows Remote Code Execution. Sonatype Nexus Repository Manager OSS/Pro versiones anteriores a 3.25.1, permite una ejecución de código remota • https://support.sonatype.com https://support.sonatype.com/hc/en-us/articles/360052192693 •

CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0

Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS (issue 1 of 2). Sonatype Nexus Repository Manager OSS/Pro versiones anteriores a 3.25.1, permiten un ataque de tipo XSS (problema 1 de 2) • https://support.sonatype.com https://support.sonatype.com/hc/en-us/articles/360051424554 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS (Issue 2 of 2). Sonatype Nexus Repository Manager OSS/Pro versiones anteriores a 3.25.1, permiten un ataque de tipo XSS (Problema 2 de 2) • https://support.sonatype.com https://support.sonatype.com/hc/en-us/articles/360051424754 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •