Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Nexus Repository Manager Improper Authentication Vulnerability (CVE-2019-9629)

Description

Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials).

Remediation

References

Related Vulnerabilities

Tornado URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2023-28370)

Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0050)

WordPress Plugin Photoswipe Masonry Gallery Unspecified Vulnerability (1.2.17)

WordPress Plugin File Manager Information Disclosure (6.4)

WordPress Plugin Video Player Unspecified Vulnerability (1.1.4)

Severity

Critical

Classification

CVE-2019-9629 CWE-287 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities