CVE-2017-17717

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1660%

EPSS Percentile2.71th

PublishedDec 17, 2017

Last ModifiedMay 13, 2026

Vulnerability Description

Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP integration feature.

📦

Sonatype

<= 2.14.5

Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.

Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials).

Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control.

An issue was discovered in Sonatype Nexus Repository Manager in versions 3.21.1 and 3.22.0. It is possible for a user with appropr...