返回 CVE 浏览器

CVE-2019-7238

Known Exploited (CISA KEV)CRITICAL

9.8

CVSS Severity Score

EPSS Score55.6120%

EPSS Percentile89.23th

Published2019年3月21日

Last Modified2025年11月6日

Vulnerability Description

Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.

Affected Platforms (CPE)

📦

Sonatype

Nexus Repository Manager

>= 3.0.0 and < 3.15.0

References & Advisories

🔗 https://support.sonatype.com/hc/en-us/articles/360017310793-CVE-2019-7238-Nexus-Repository-Manager-3-Missing-Access-Controls-and-Remote-Code-Execution-February-5th-2019

🔗 https://support.sonatype.com/hc/en-us/articles/360017310793-CVE-2019-7238-Nexus-Repository-Manager-3-Missing-Access-Controls-and-Remote-Code-Execution-February-5th-2019

🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-7238

相关漏洞威胁

CVE-2017-177179.8

Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP integrati...

CVE-2019-96299.8

Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials).

CVE-2020-117538.8

An issue was discovered in Sonatype Nexus Repository Manager in versions 3.21.1 and 3.22.0. It is possible for a user with appropr...

CVE-2020-114448.8

Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control.