Description
Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3.19, and IQ Server before 72, are vulnerable to remote code execution.
Remediation
References
https://issues.sonatype.org/secure/ReleaseNote.jspa
https://support.sonatype.com/hc/en-us/articles/360036132453