CyberSec.Space Logo
Back to CVE Browser

CVE-2019-7238

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score55.6120%
EPSS Percentile89.23th
PublishedMar 21, 2019
Last ModifiedNov 6, 2025

Vulnerability Description

Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.

Affected Platforms (CPE)

๐Ÿ“ฆ
Sonatype

Nexus Repository Manager

>= 3.0.0 and < 3.15.0

References & Advisories

๐Ÿ”— https://support.sonatype.com/hc/en-us/articles/360017310793-CVE-2019-7238-Nexus-Repository-Manager-3-Missing-Access-Controls-and-Remote-Code-Execution-February-5th-2019
๐Ÿ”— https://support.sonatype.com/hc/en-us/articles/360017310793-CVE-2019-7238-Nexus-Repository-Manager-3-Missing-Access-Controls-and-Remote-Code-Execution-February-5th-2019
๐Ÿ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-7238

Related Vulnerabilities

CVE-2017-177179.8

Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP integrati...

CVE-2019-96299.8

Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials).

CVE-2020-117538.8

An issue was discovered in Sonatype Nexus Repository Manager in versions 3.21.1 and 3.22.0. It is possible for a user with appropr...

CVE-2020-114448.8

Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control.