CVE-2020-10199

Known exploited
Public exploit
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).
Max CVSS: 9.0
EPSS Score: 97.28%
Published: 2020-04-01
Updated: 2022-10-07
CISA KEV Added: 2021-11-03
In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed by an admin user.
Max CVSS: 4.9
EPSS Score: 0.07%
Published: 2020-08-25
Updated: 2022-04-28
Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control.
Max CVSS: 8.8
EPSS Score: 0.09%
Published: 2020-04-02
Updated: 2020-04-07
Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution.
Max CVSS: 9.0
EPSS Score: 1.19%
Published: 2020-04-01
Updated: 2021-12-22
Sonatype Nexus Repository before 3.21.2 allows XSS.
Max CVSS: 4.8
EPSS Score: 0.16%
Published: 2020-04-01
Updated: 2020-04-02

CVE-2019-7238

Known exploited
Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.
Max CVSS: 9.8
EPSS Score: 97.40%
Published: 2019-03-21
Updated: 2020-08-24
CISA KEV Added: 2021-12-10
Directory traversal vulnerability in Sonatype Nexus OSS and Pro before 2.11.1-01 allows remote attackers to read or write to arbitrary files via unspecified vectors.
Max CVSS: 7.5
EPSS Score: 0.62%
Published: 2015-01-05
Updated: 2015-01-06
Unspecified vulnerability in Sonatype Nexus OSS and Pro 2.4.0 through 2.7.1 allows attackers to create arbitrary user accounts via unknown vectors related to "an unauthenticated execution path."
Max CVSS: 7.5
EPSS Score: 1.53%
Published: 2014-04-01
Updated: 2014-04-01
Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers to create arbitrary objects and execute arbitrary code via unspecified vectors related to unmarshalling of unintended Object types.
Max CVSS: 7.5
EPSS Score: 3.19%
Published: 2014-01-17
Updated: 2014-01-21
9 vulnerabilities found