Known Vulnerabilities for Nexus Repository Manager by Sonatype
Listed below are 10 of the newest known vulnerabilities associated with "Nexus Repository Manager" by "Sonatype".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-5189 json | CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3.70.5 allows an unauthent... | Not Provided | 2026-04-15 | 2026-04-16 |
| CVE-2022-27907 json | Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF. | 4.3 - MEDIUM | 2022-03-30 | 2022-04-07 |
| CVE-2021-43961 json | Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection. | 4.3 - MEDIUM | 2022-03-17 | 2022-07-12 |
| CVE-2021-43293 json | Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote authenticated attacker to potentially perform network enu... | 4.3 - MEDIUM | 2021-11-04 | 2021-11-05 |
| CVE-2021-42568 json | Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers to access the SSL Certificates Loading function via a l... | 4.3 - MEDIUM | 2021-11-02 | 2022-06-28 |
| CVE-2021-37152 json | Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 before 3.33.0. An authenticated attacker with the ability to... | 5.4 - MEDIUM | 2021-08-10 | 2021-08-16 |
| CVE-2021-34553 json | Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and re... | 4.3 - MEDIUM | 2021-06-18 | 2021-06-22 |
| CVE-2021-30635 json | Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote attacker to get a list of files and directories that exis... | 5.3 - MEDIUM | 2021-04-27 | 2021-05-04 |
| CVE-2021-29159 json | A cross-site scripting (XSS) vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1. An attacker wit... | 6.1 - MEDIUM | 2021-04-28 | 2021-05-05 |
| CVE-2020-29436 json | Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with admin privileges to configure the system to gain acces... | 6.5 - MEDIUM | 2020-12-17 | 2020-12-18 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Sonatype | Nexus Repository Manager | 3.9.0-01 | |||
| Application | Sonatype | Nexus Repository Manager | 3.9.0 | |||
| Application | Sonatype | Nexus Repository Manager | 3.8.0-02 | |||
| Application | Sonatype | Nexus Repository Manager | 3.8.0 | |||
| Application | Sonatype | Nexus Repository Manager | 3.7.1-02 | |||
| Application | Sonatype | Nexus Repository Manager | 3.7.1 | |||
| Application | Sonatype | Nexus Repository Manager | 3.7.0-04 | |||
| Application | Sonatype | Nexus Repository Manager | 3.7.0 | |||
| Application | Sonatype | Nexus Repository Manager | 3.6.2-01 | |||
| Application | Sonatype | Nexus Repository Manager | 3.6.2 | |||
| Application | Sonatype | Nexus Repository Manager | 3.6.1-02 | |||
| Application | Sonatype | Nexus Repository Manager | 3.6.1 | |||
| Application | Sonatype | Nexus Repository Manager | 3.6.0-02 | |||
| Application | Sonatype | Nexus Repository Manager | 3.6.0 | |||
| Application | Sonatype | Nexus Repository Manager | 3.5.2-01 | |||
| Application | Sonatype | Nexus Repository Manager | 3.5.2 | |||
| Application | Sonatype | Nexus Repository Manager | 3.5.1 | |||
| Application | Sonatype | Nexus Repository Manager | 3.5.0-02 | |||
| Application | Sonatype | Nexus Repository Manager | 3.5.0 | |||
| Application | Sonatype | Nexus Repository Manager | 3.4.0-02 |