CVE-2017-17717

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1660%

EPSS Percentile2.71th

Published2017年12月17日

Last Modified2026年5月13日

Vulnerability Description

Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP integration feature.

📦

Sonatype

<= 2.14.5

Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.

Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials).

Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control.

An issue was discovered in Sonatype Nexus Repository Manager in versions 3.21.1 and 3.22.0. It is possible for a user with appropr...