Description

Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials).

Remediation

References

CVE-2019-9629

Related Vulnerabilities

Lighttpd Inadequate Encryption Strength Vulnerability (CVE-2013-4508)

WordPress Plugin WP Subtitle Unspecified Vulnerability (2.5)

Apache HTTP Server Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2001-0131)

WordPress Plugin CM Download Manager Arbitrary File Upload (2.8.5)

WebLogic CVE-2022-21441 Vulnerability (CVE-2022-21441)

Severity

Critical

Classification

CVE-2019-9629 CWE-287 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities