返回 CVE 浏览器

CVE-2020-10199

Known Exploited (CISA KEV)HIGH

8.8

CVSS Severity Score

EPSS Score90.7320%

EPSS Percentile97.76th

Published2020年4月1日

Last Modified2025年11月7日

Vulnerability Description

Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).

Affected Platforms (CPE)

📦

Sonatype

Nexus

< 3.21.2

References & Advisories

🔗 http://packetstormsecurity.com/files/157261/Nexus-Repository-Manager-3.21.1-01-Remote-Code-Execution.html

🔗 http://packetstormsecurity.com/files/160835/Sonatype-Nexus-3.21.1-Remote-Code-Execution.html

🔗 https://cwe.mitre.org/data/definitions/917.html

🔗 https://support.sonatype.com/hc/en-us/articles/360044882533

🔗 http://packetstormsecurity.com/files/157261/Nexus-Repository-Manager-3.21.1-01-Remote-Code-Execution.html

🔗 http://packetstormsecurity.com/files/160835/Sonatype-Nexus-3.21.1-Remote-Code-Execution.html

🔗 https://cwe.mitre.org/data/definitions/917.html

🔗 https://support.sonatype.com/hc/en-us/articles/360044882533

相关漏洞威胁

CVE-2008-096010.0

SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) e...

CVE-2019-72389.8

Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.

CVE-2019-18049.8

A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Sof...

CVE-2019-96299.8

Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials).