Sonatype Nexus Repository Manager

29 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2024-5764
>= 3.0.0 and < 3.73.0
Use of Hard-coded Credentials vulnerability in Sonatype Nexus Repository has been discovered in the code responsible for encryptin
6.5 MEDIUM
CVE-2022-27907
>= 3.0.0 and < 3.38.0
Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF.
4.3 MEDIUM
CVE-2021-43961
>= 3.0.0 and < 3.38.0
Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection.
4.3 MEDIUM
CVE-2021-43293
>= 3.0.0 and <= 3.35.0
Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote authenticated attacker to potentially perform network enumerat
4.3 MEDIUM
CVE-2021-42568
>= 3.0.0 and <= 3.35.0
Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers to access the SSL Certificates Loading function via a low-pr
4.3 MEDIUM
CVE-2021-37152
>= 3.0.0 and < 3.33.0
Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 before 3.33.0. An authenticated attacker with the ability to add
5.4 MEDIUM
CVE-2021-34553
>= 3.0.0 and < 3.31.0
Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read th
4.3 MEDIUM
CVE-2021-29159
>= 3.23.0 and < 3.30.1
A cross-site scripting (XSS) vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1. An attacker with a l
6.1 MEDIUM
CVE-2021-30635
>= 3.0 and < 3.30.1
Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote attacker to get a list of files and directories that exist in
5.3 MEDIUM
CVE-2020-29436
>= 3.0.0 and < 3.29.0
Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with admin privileges to configure the system to gain access to
6.5 MEDIUM
CVE-2020-15012
>= 2.0 and < 2.14.19
A Directory Traversal issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.19. A user that requests a crafted
8.6 HIGH
CVE-2020-15868
< 3.26.0
Sonatype Nexus Repository Manager OSS/Pro before 3.26.0 has Incorrect Access Control.
7.5 HIGH
CVE-2020-11415
>= 2.0 and < 2.14.17
An issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.17 and 3.x before 3.22.1. Admin users can retrieve th
4.9 MEDIUM
CVE-2019-15588
<= 2.14.14
There is an OS Command Injection in Nexus Repository Manager <= 2.14.14 (bypass CVE-2019-5475) that could allow an attacker a Remo
7.2 HIGH
CVE-2019-16530
>= 2.0.0 and <= 2.14.14
Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3.19, and IQ Server before 72, has remote code execution.
7.2 HIGH
CVE-2019-15893
< 2.14.15
Sonatype Nexus Repository Manager 2.x before 2.14.15 allows Remote Code Execution.
7.2 HIGH
CVE-2019-5475
>= 2.0 and <= 2.14.9-01
The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are sup
8.8 HIGH
CVE-2019-14469
>= 3.14.0 and <= 3.17.0
In Nexus Repository Manager before 3.18.0, users with elevated privileges can create stored XSS.
5.4 MEDIUM
CVE-2019-9630
< 3.17.0
Sonatype Nexus Repository Manager before 3.17.0 has a weak default of giving any unauthenticated user read permissions on the repo
7.5 HIGH
CVE-2019-9629
< 3.17.0
Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials).
9.8 CRITICAL
CVE-2019-11629
>= 2.0.0 and < 2.14.13
Sonatype Nexus Repository Manager 2.x before 2.14.13 allows XSS.
6.1 MEDIUM
CVE-2019-7238
>= 3.0.0 and < 3.15.0
Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.
9.8 CRITICAL
CVE-2018-16621
< 3.14.0
Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection.
7.2 HIGH
CVE-2018-16620
< 3.14.0
Sonatype Nexus Repository Manager before 3.14 has Incorrect Access Control.
7.5 HIGH
CVE-2018-16619
< 3.14.0
Sonatype Nexus Repository Manager before 3.14 allows XSS.
6.1 MEDIUM
CVE-2018-12100
>= 3.3.0 and < 3.12.0
Sonatype Nexus Repository Manager versions 3.x before 3.12.0 have XSS in multiple areas in the Administration UI.
4.8 MEDIUM
CVE-2018-5307
>= 2.0 and < 2.14.6
Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 2.x before 2.14.6 allow remote
6.1 MEDIUM
CVE-2018-5306
>= 3.0 and < 3.8
Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 3.x before 3.8 allow remote at
6.1 MEDIUM
CVE-2017-17717
<= 2.14.5
Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP integrati
9.8 CRITICAL