Security Advisories

Important advisories of known security vulnerabilities in Sonatype products.

• CVE-2020-29436 Nexus Repository Manager 3 and Nexus IQ Server - XML External Entities injection - 2020-12-15
• CVE-2020-13933 Nexus Repository Manger 2 & 3 - Shiro Authentication Bypass - 2020-10-15
• CVE-2020-24622 Nexus Repository Manager 3 - Sensitive Information Disclosure - 2020-09-15
• CVE-2020-15868 Nexus Repository Manager 3 - Access Controls Bypass - 2020-08-11
• CVE-2020-15871 Nexus Repository Manager 3 - Remote Code Execution - 2020-07-29
• CVE-2020-15870 Nexus Repository Manager 3 - Reflection XSS - 2020-07-29
• CVE-2020-15869 Nexus Repository Manager 3 - Reflection XSS - 2020-07-29
• CVE-2020-15012 Nexus Repository Manager 2 - Directory Traversal - 2020-10-08
• CVE-2020-11753 Nexus Repository Manager 3 - Improper Access Controls - 2020-04-16
• CVE-2020-11444 Nexus Repository Manager 3 - Improper Access Controls - 2020-04-02
• CVE-2020-11415 Nexus Repository Manager 2 & 3 - Sensitive Information Disclosure - 2020-04-16
• CVE-2020-10203 Nexus Repository Manager 3 - Cross Site Scripting XSS - 2020-03-31
• CVE-2020-10204 Nexus Repository Manager 3 - Remote Code Execution - 2020-03-31
• CVE-2020-10199 Nexus Repository Manager 3 - Remote Code Execution - 2020-03-31
• CVE-2019-16530 Nexus Repository Manager 2 & 3, and Nexus IQ Server - Remote Code Execution - 2019-09-19
• CVE-2019-15893 Nexus Repository Manager 2 - Remote Code Execution - 2019-09-03
• CVE-2019-5475 & sonatype-2019-0429 (CVE-2019-15588) Nexus Repository Manager 2 - OS Command Injection - 2019-08-09
• CVE-2019-14469 Nexus Repository Manager 3 - Cross Site Scripting XSS - 2019-07-26
• CVE-2019-11629 Nexus Repository Manager 2 - Cross Site Scripting XSS - 2019-05-02
• CVE-2019-7238 Nexus Repository Manager 3 - Missing Access Controls and Remote Code Execution - 2019-02-05
• CVE-2018-16619 Nexus Repository Manager 3 - Cross Site Scripting XSS - 2018-10-17
• CVE-2018-16620 Nexus Repository Manager 3 - Missing Access Controls - 2018-10-17
• CVE-2018-16621 Nexus Repository Manager 3 - Java Injection - 2018-10-17
• CVE-2018-12100 Nexus Repository Manager 3 - Cross-Site Scripting XSS - 2018-06-04
• CVE-2018-5307 Nexus Repository Manager 2 - Cross-Site Scripting XSS - 2018-02-08
• CVE-2018-5306 Nexus Repository Manager 3 - Cross-Site Scripting XSS - 2018-02-08
• CVE-2016-4437 Nexus Repository Manager 2 - Remote Code Execution - 2016-06-20
• CVE-2014-9389 Nexus Repository Manager 2 - Directory Traversal - 2014-12-23
• CVE-2014-2034 Nexus Repository Manager 2 - REST API Account Creation - 2014-03-03
• CVE-2014-0792 Nexus Repository Manager 2 - xstream Remote Code Execution - 2014-01-09