CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Jun 10, 2022

CVE-2019-7238

High

EPSS 94.4%CISA KEV

Sonatype/Nexus Repository Manager

Description

Sonatype Nexus Repository Manager before 3.15.0 has an incorrect access control vulnerability. Exploitation allows for remote code execution.

94.4%

Higher than 100.0% of all CVEs

https://nvd.nist.gov/vuln/detail/CVE-2019-7238

HIGH

In CISA KEV

High EPSS

Published

Dec 10, 2021

Added to KEV

Dec 10, 2021

Remediation Due

Jun 10, 2022

Sonatype

Nexus Repository Manager