Nexus Repository - 575 CVEs (Page 1/5)

About “Nexus Repository”

A curated feed of “Nexus Repository”-related CVEs appears below. We currently track 575 CVEs for this tag (all time). In the last 365 days, 28 were published. Average CVSS is 7.1 (all time; 6.4 over 365d), and 61% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-476 - NULL Pointer Dereference, CWE-918 - Server-Side Request Forgery (SSRF).

In our taxonomy this topic maps to a MODERATE impact class. Developer and CI or CD tooling touches supply chains and secrets. Patch controllers and agents, enforce SSO or MFA, rotate tokens, isolate runners, and audit plugins. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: nexus

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

Cycle	Release	Latest	Premier Support	EOL
3.92	2026-05-07	3.92.3-01	2027-05-07	2027-11-07
3.91	2026-04-07	3.91.1-04	2027-04-07	2027-10-07
3.90	2026-03-05	3.90.3-03	2027-03-05	2027-09-05
3.89	2026-02-03	3.89.1-02	2027-02-03	2027-08-03
3.88	2026-01-13	3.88.0-08	2027-01-13	2027-07-13
3.87	2025-12-02	3.87.2-01	2026-12-02	2027-06-02
3.86	2025-11-05	3.86.3-01	2026-11-05	2027-05-05
3.85	2025-10-07	3.85.1-01	2026-10-07	2027-04-07
3.84	2025-09-09	3.84.2-01	2026-09-09	2027-03-09
3.83	2025-08-12	3.83.2-01	2026-08-12	2027-02-12
3.82	2025-07-09	3.82.1-08	2026-07-09	2027-01-09
3.81	2025-06-10	3.81.1-01	2026-06-10	2026-12-10
3.80	2025-05-06	3.80.0-06	2026-05-06	2026-11-06 Soon
3.79	2025-04-01	3.79.1-04	2026-04-01	2026-10-01 Soon
3.78	2025-03-04	3.78.2-04	2026-03-04	2026-09-04 Soon
3.77	2025-02-04	3.77.2-02	2026-02-04	2026-08-04 Soon
3.76	2025-01-07	3.76.1-01	2026-01-07	2026-07-07 Soon
3.75	2024-12-03	3.75.1-01	2025-12-03	2026-06-03 Soon
3.74	2024-11-05	3.74.0-05	2025-11-05	2026-05-05 Expired
3.73	2024-10-10	3.73.0-12	2025-10-10	2026-04-10 Expired
3.72	2024-09-04	3.72.0-04	2025-09-04	2026-03-04 Expired
3.71	2024-08-08	3.71.0-06	2025-08-08	2026-02-08 Expired
3.70	2024-07-09	3.70.4-02	2025-07-09	2026-01-09 Expired
3.69	2024-06-04	3.69.0-02	2025-06-04	2025-12-04 Expired
3.68	2024-05-07	3.68.1-02	2025-05-07	2025-11-07 Expired
3.67	2024-04-02	3.67.1-01	2025-04-02	2025-10-02 Expired
3.66	2024-03-05	3.66.0-02	2025-03-05	2025-09-05 Expired
3.65	2024-02-06	3.65.0-02	2025-02-06	2025-08-06 Expired
3.64	2024-01-09	3.64.0-04	2025-01-09	2025-07-09 Expired
3.63	2023-12-05	3.63.0-01	2024-12-05	2025-06-05 Expired
3.62	2023-11-07	3.62.0-01	2024-11-07	2025-05-07 Expired
3.61	2023-10-03	3.61.0-02	2024-10-03	2025-04-03 Expired
3.60	2023-09-07	3.60.0-02	2024-09-07	2025-03-07 Expired
3.59	2023-08-15	3.59.0-01	2024-08-15	2025-02-15 Expired
3.58	2023-07-17	3.58.1-02	2024-07-17	2025-01-17 Expired
3.57	2023-07-05	3.57.1-03	2024-07-05	2025-01-05 Expired
3.56	2023-06-19	3.56.0-01	2024-06-19	2024-12-29 Expired
3.55	2023-06-05	3.55.0-01	2024-06-05	2024-12-05 Expired
3.54	2023-05-22	3.54.1-01	2024-05-22	2024-11-22 Expired
3.53	2023-05-03	3.53.1-02	2024-05-03	2024-11-02 Expired
3.52	2023-04-18	3.52.0-01	2024-04-17	2024-10-14 Expired
3.51	2023-04-05	3.51.0-01	2024-04-04	2024-10-01 Expired
3.50	2023-03-27	3.50.0-01	2024-03-26	2024-09-22 Expired
3.49	2023-03-17	3.49.0-02	2024-03-16	2024-09-12 Expired
3.48	2023-02-27	3.48.0-01	2024-02-27	2024-08-25 Expired
3.47	2023-02-08	3.47.1-01	2024-02-08	2024-08-06 Expired
3.46	2023-01-30	3.46.0-01	2024-01-30	2024-07-28 Expired
3.45	2022-12-28	3.45.1	2023-12-28	2024-06-28 Expired
3.44	2022-12-15	3.44.0-01	2023-12-15	2024-06-12 Expired
3.43	2022-11-07	3.43.0-01	2023-11-07	2024-05-05 Expired
3.42	2022-09-26	3.42.0-01	2023-09-26	2024-03-24 Expired
3.41	2022-07-27	3.41.1-01	2023-08-03	2024-01-27 Expired
3.40	2022-06-22	3.40.1-01	2023-08-03	2023-12-22 Expired
3.39	2022-05-23	3.39.0-01	2023-08-03	2023-11-19 Expired
3.38	2022-03-03	3.38.1-01	2023-08-03	2023-09-25 Expired
3.37	2021-11-14	3.37.3-02	Unavailable	2023-05-24 Expired
3.36	2021-10-29	3.36.0-01	Unavailable	2023-04-29 Expired
3.35	2021-10-13	3.35.0-02	Unavailable	2023-04-13 Expired
3.34	2021-08-31	3.34.1-01	Unavailable	2023-03-03 Expired
3.33	2021-08-04	3.33.1-01	Unavailable	2023-02-04 Expired
3.32	2021-07-08	3.32.1	Unavailable	2023-01-08 Expired
3.31	2021-06-16	3.31.1-01	Unavailable	2022-12-16 Expired
3.30	2021-03-04	3.30.1-01	Unavailable	2022-09-04 Expired
3.29	2020-12-04	3.29.2-02	Unavailable	2022-06-04 Expired
2	2017-03-31	2.15.2-03	Unavailable	2025-06-30 Expired

Maintained Soon (≤ 180 days) Expired

Subscribe lifecycle: RSS · RSS (expired) · ICS

Subscribe CVEs: RSS for “Nexus Repository” · RSS (High+Critical only)

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0

2026-05-20

Medium

CVE-2026-20171

A vulnerability in the Border Gateway Protocol (BGP) enforce-first-as feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow a…

CVSS: 6.8 CWE: CWE-670 - Always-Incorrect Control Flow Implementation View on NVD

2026-05-11

Medium

CVE-2026-7308

An authenticated user with upload permission to a hosted repository can store content that causes arbitrary JavaScript to execute in the browser of any user who browses that repository directory via…

CVSS: 5.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2026-3048

An authenticated administrator who configures or tests LDAP connectivity in Sonatype Nexus Repository Manager versions 3.0.0 through 3.91.1 may be able to initiate unintended server-side connections…

CVSS: 5.1 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD

2026-05-08

Medium

CVE-2026-43424

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_tcm: Fix NULL pointer dereferences in nexus handling The `tpg->tpg_nexus` pointer in the USB Target driver is dyna…

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD

2026-04-15

Critical

CVE-2026-5189

CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3.70.5 allows an unauthenticated attacker with network access to gain unauthorized read/write access…

CVSS: 9.2 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD

2026-04-08

Medium

CVE-2026-3438

A reflected cross-site scripting vulnerability exists in Sonatype Nexus Repository versions 3.0.0 through 3.90.2 that allows unauthenticated remote attackers to execute arbitrary JavaScript in a vict…

CVSS: 5.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Critical

CVE-2026-3199

A vulnerability in the task management component of Sonatype Nexus Repository versions 3.22.1 through 3.90.2 allows an authenticated attacker with task creation permissions to execute arbitrary code,…

CVSS: 9.4 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD

2026-04-01

Medium

CVE-2026-20174

A vulnerability in the Metadata update feature of Cisco Nexus Dashboard Insights could allow an authenticated, remote attacker to write arbitrary files to an affected system. This vulnerability is…

CVSS: 4.9 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD

Medium

CVE-2026-20042

A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or Config-only backup files to access sensitive…

CVSS: 6.5 CWE: CWE-295 - Improper Certificate Validation View on NVD

Medium

CVE-2026-20041

A vulnerability in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected…

CVSS: 6.1 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD

2026-02-25

High

CVE-2026-20051

A vulnerability with the Ethernet VPN (EVPN) Layer 2 ingress packet processing of Cisco Nexus 3600 Platform Switches and Cisco Nexus 9500-R Series Switching Platforms could allow an unauthenticated,…

CVSS: 7.4 CWE: CWE-457 - Use of Uninitialized Variable View on NVD

High

CVE-2026-20048

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an authenticated, remote attacker to cause a denial of se…

CVSS: 7.7 CWE: CWE-789 - Memory Allocation with Excessive Size Value View on NVD

High

CVE-2026-20033

A vulnerability in Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vu…

CVSS: 7.4 CWE: CWE-805 - Buffer Access with Incorrect Length Value View on NVD

2026-01-14

Medium

CVE-2026-0600

Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository 3 versions 3.0.0 and later allows authenticated administrators to configure proxy repositories with URLs that can access…

CVSS: 6.2 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD

Medium

CVE-2026-0601

A reflected cross-site scripting vulnerability exists in Nexus Repository 3 that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted req…

CVSS: 5.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2025-12-24

Unknown

CVE-2023-54154

In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Fix target_cmd_counter leak The target_cmd_counter struct allocated via target_alloc_cmd_counter() is never f…

CVSS: N/A CWE: N/A View on NVD

2025-10-29

Medium

CVE-2025-64142

A missing permission check in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credent…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD

Medium

CVE-2025-64141

A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials.

CVSS: 4.3 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD

2025-10-08

High

CVE-2025-9868

Server-Side Request Forgery (SSRF) in the Remote Browser Plugin in Sonatype Nexus Repository 2.x up to and including 2.15.2 allows unauthenticated remote attackers to exfiltrate proxy repository cred…

CVSS: 8.7 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD

2025-09-11

High

CVE-2025-39788

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE On Google gs101, the number of UTP transfer request slots (nutrs) is 32…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

2025-08-27

Medium

CVE-2025-20348

A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to view sensitive i…

CVSS: 5.0 CWE: CWE-201 - Insertion of Sensitive Information Into Sent Data View on NVD

Medium

CVE-2025-20347

CVSS: 5.4 CWE: CWE-693 - Protection Mechanism Failure View on NVD

Medium

CVE-2025-20344

A vulnerability in the backup restore functionality of Cisco Nexus Dashboard could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. This vulnerabil…

CVSS: 6.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD

Medium

CVE-2025-20290

A vulnerability in the logging feature of Cisco NX-OS Software for Cisco Nexus 3000 Series Switches, Cisco Nexus 9000 Series Switches in standalone NX-OS mode, Cisco UCS 6400 Fabric Interconnects, Ci…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD

Medium

CVE-2025-20262

A vulnerability in the Protocol Independent Multicast Version 6 (PIM6) feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authent…

CVSS: 5.0 CWE: CWE-476 - NULL Pointer Dereference View on NVD

High

CVE-2025-20241

A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) feature of Cisco NX-OS Software for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS…

CVSS: 7.4 CWE: CWE-733 - Compiler Optimization Removal or Modification of Security-critical Code View on NVD

2025-06-18

Medium

CVE-2025-38075

In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix timeout on deleted connection NOPIN response timer may expire on a deleted connection and crash with suc…

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD

2025-06-04

High

CVE-2025-20163

A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to impersonate Cisco NDFC-managed devices. This vulnerab…

CVSS: 8.7 CWE: CWE-322 - Key Exchange without Entity Authentication View on NVD

2025-05-23

Medium

CVE-2024-13945

Stored Absolute Path Traversal vulnerabilities in ASPECT could expose sensitive data if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series…

CVSS: 6.0 CWE: CWE-36 - Absolute Path Traversal View on NVD

2025-05-22

Medium

CVE-2024-51553

Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential attacker if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.…

CVSS: 6.5 CWE: CWE-73 - External Control of File Name or Path View on NVD

Medium

CVE-2024-51552

Weak password storage vulnerabilities exist in ASPECT if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: throu…

CVSS: 6.0 CWE: CWE-257 - Storing Passwords in a Recoverable Format View on NVD

Medium

CVE-2024-48848

Large content vulnerabilities are present in ASPECT exposing a device to disk overutilization on a system if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through…

CVSS: 6.5 CWE: CWE-774 - Allocation of File Descriptors or Handles Without Limits or Throttling View on NVD

Medium

CVE-2024-13958

Stored Cross Site Scripting vulnerabilities exist in ASPECT if administrator creden-tials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series…

CVSS: 4.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

High

CVE-2024-13957

SSRF Server Side Request Forgery vulnerabilities exist in ASPECT if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Se…

CVSS: 7.6 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD

Medium

CVE-2024-13956

SSL Verification Bypass vulnerabilities exist in ASPECT if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: thr…

CVSS: 6.7 CWE: CWE-295 - Improper Certificate Validation View on NVD

High

CVE-2024-13955

2nd Order SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if administrator credentials become compromised.This issue affects ASPECT-Enterpris…

CVSS: 8.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD

Medium

CVE-2024-13954

Serialized configuration information may be disclosed during device commissioning while using ASPECT's configuration toolsetThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.…

CVSS: 6.5 CWE: CWE-922 - Insecure Storage of Sensitive Information View on NVD

Medium

CVE-2024-13953

Sensitive device logger information in ASPECT may be exposed if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series…

CVSS: 4.9 CWE: CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor View on NVD

High

CVE-2024-13952

CVSS: 8.4 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD

High

CVE-2024-13951

One way hash with predictable salt vulnerabilities in ASPECT may expose sensitive information to a potential attackerThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATR…

CVSS: 7.6 CWE: CWE-760 - Use of a One-Way Hash with a Predictable Salt View on NVD

Medium

CVE-2024-13950

Log injection vulnerabilities in ASPECT provide attacker access to inject malicious browser scripts if administrator credentials become compromised.This issue affects ASPECT-Enterprise: through 3.*;…

CVSS: 6.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Medium

CVE-2024-13949

CVSS: 6.8 CWE: CWE-117 - Improper Output Neutralization for Logs View on NVD

High

CVE-2024-13948

Windows permissions for ASPECT configuration toolsets are not fully secured allow-ing exposure of configuration informationThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*…

CVSS: 7.3 CWE: CWE-276 - Incorrect Default Permissions View on NVD

Medium

CVE-2024-13947

Device commissioning parameters in ASPECT may be modified by an external source if administrative credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: throug…

CVSS: 6.0 CWE: CWE-863 - Incorrect Authorization View on NVD

Medium

CVE-2024-13946

DLL's are not digitally signed when loaded in ASPECT's configuration toolset exposing the application to binary planting during device commissioning.This issue affects ASPECT-Enterprise: through 3.*;…

CVSS: 6.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD

Medium

CVE-2025-30173

File upload vulnerabilities are present in ASPECT if session administrator credentials become compromised This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX…

CVSS: 6.7 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD

High

CVE-2025-30172

Remote Code Execution vulnerabilities are present in ASPECT if session administrator credentials become compromised This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.0…

CVSS: 8.0 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD

Critical

CVE-2025-30171

System File Deletion vulnerabilities in ASPECT provide attackers access to delete system files if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3…

CVSS: 9.0 CWE: CWE-863 - Incorrect Authorization View on NVD

Medium

CVE-2025-30170

Exposure of file path, file size or file existence vulnerabilities in ASPECT provide attackers access to file system information if session administrator credentials become compromised. This issue af…

CVSS: 5.5 CWE: CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere View on NVD

Medium

CVE-2025-30169

File upload and execute vulnerabilities in ASPECT allow PHP script injection if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Seri…

CVSS: 6.7 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD

Critical

CVE-2025-2410

Port manipulation vulnerabilities in ASPECT provide attackers with the ability to con-trol TCP/IP port access if session administrator credentials become compromised. This issue affects ASPECT-Enterp…

CVSS: 9.1 CWE: CWE-99 - Improper Control of Resource Identifiers ('Resource Injection') View on NVD

Critical

CVE-2025-2409

File corruption vulnerabilities in ASPECT provide attackers access to overwrite sys-tem files if session administrator credentials become compromised This issue affects ASPECT-Enterprise: through 3.0…

CVSS: 9.1 CWE: CWE-73 - External Control of File Name or Path View on NVD

High

CVE-2024-9639

Remote Code Execution vulnerabilities are present in ASPECT if session administra-tor credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08…

CVSS: 8.0 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD

High

CVE-2024-13931

Relative Path Traversal vulnerabilities in ASPECT allow access to file resources if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS…

CVSS: 7.2 CWE: CWE-606 - Unchecked Input for Loop Condition View on NVD

Medium

CVE-2024-13930

An Unchecked Loop Condition in ASPECT provides an attacker the ability to maliciously consume system resources if session administrator credentials become compromised This issue affects ASPECT-Enterp…

CVSS: 4.9 CWE: CWE-606 - Unchecked Input for Loop Condition View on NVD

High

CVE-2024-13929

Servlet injection vulnerabilities in ASPECT allow remote code execution if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: t…

CVSS: 7.2 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD

High

CVE-2024-13928

SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if session administrator credentials become compromised. This issue affects ASPECT-Enterprise…

CVSS: 7.2 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD

Critical

CVE-2024-48853

An escalation of privilege vulnerability in ASPECT could provide an attacker root access to a server when logged in as a "non" root ASPECT user. This issue affects ASPECT-Enterprise: through 3.08.03;…

CVSS: 9.0 CWE: CWE-286 - Incorrect User Management View on NVD

High

CVE-2024-48850

Absolute File Traversal vulnerabilities in ASPECT allows access and modification of unintended resources. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX…

CVSS: 7.2 CWE: CWE-36 - Absolute Path Traversal View on NVD

2025-04-16

Medium

CVE-2025-20150

A vulnerability in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to enumerate LDAP user accounts. This vulnerability is due to the improper handling of LDAP authentication…

CVSS: 5.3 CWE: CWE-209 - Generation of Error Message Containing Sensitive Information View on NVD

2025-02-26

Medium

CVE-2025-20161

A vulnerability in the software upgrade process of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker with val…

CVSS: 5.1 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD

High

CVE-2025-20111

A vulnerability in the health monitoring diagnostics of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacke…

CVSS: 7.4 CWE: CWE-1220 - Insufficient Granularity of Access Control View on NVD

2025-02-06

Critical

CVE-2024-51547

Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series.This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series:…

CVSS: 9.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD

2024-12-05

Critical

CVE-2024-6784

Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthorized resources and unintended information disclosure. Affected products: ABB ASPECT - Enterprise…

CVSS: 9.9 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD

Critical

CVE-2024-6516

Cross Site Scripting vulnerabilities where found providing a potential for malicious scripts to be injected into a client browser. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Serie…

CVSS: 9.0 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Critical

CVE-2024-6515

Web browser interface may manipulate application username/password in clear text or Base64 encoding providing a higher probability of unintended credentails exposure. Affected products: ABB ASPEC…

CVSS: 9.6 CWE: CWE-319 - Cleartext Transmission of Sensitive Information View on NVD

Critical

CVE-2024-51555

Default Credentail vulnerabilities allows access to an Aspect device using publicly available default credentials since the system does not require the installer to change default credentials. Affec…

CVSS: 10.0 CWE: CWE-1393 - Use of Default Password View on NVD

Critical

CVE-2024-51554

Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series…

CVSS: 9.1 CWE: CWE-193 - Off-by-one Error View on NVD

Critical

CVE-2024-51551

Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series…

CVSS: 10.0 CWE: CWE-1287 - Improper Validation of Specified Type of Input View on NVD

Critical

CVE-2024-51550

Data Validation / Data Sanitization vulnerabilities in Linux allows unvalidated and unsanitized data to be injected in an Aspect device. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXU…

CVSS: 10.0 CWE: CWE-1287 - Improper Validation of Specified Type of Input View on NVD

Critical

CVE-2024-51549

Absolute File Traversal vulnerabilities allows access and modification of un-intended resources. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.…

CVSS: 10.0 CWE: CWE-36 - Absolute Path Traversal View on NVD

Critical

CVE-2024-51548

Dangerous File Upload vulnerabilities allow upload of malicious scripts. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CVSS: 9.9 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD

High

CVE-2024-51546

Credentials Disclosure vulnerabilities allow access to on board project back-up bundles. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CVSS: 7.5 CWE: CWE-1287 - Improper Validation of Specified Type of Input View on NVD

Critical

CVE-2024-51545

Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02;…

CVSS: 10.0 CWE: CWE-522 - Insufficiently Protected Credentials View on NVD

High

CVE-2024-51544

Service Control vulnerabilities allow access to service restart requests and vm configuration settings. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series…

CVSS: 8.2 CWE: CWE-15 - External Control of System or Configuration Setting View on NVD

High

CVE-2024-51543

Information Disclosure vulnerabilities allow access to application configuration information. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CVSS: 8.2 CWE: CWE-15 - External Control of System or Configuration Setting View on NVD

High

CVE-2024-51542

Configuration Download vulnerabilities allow access to dependency configuration information. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CVSS: 8.2 CWE: CWE-552 - Files or Directories Accessible to External Parties View on NVD

High

CVE-2024-51541

Local File Inclusion vulnerabilities allow access to sensitive system information. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CVSS: 8.2 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2024-48847

MD5 Checksum Bypass vulnerabilities where found exploiting a weakness in the way an application dependency calculates or validates MD5 checksum hashes. Affected products: ABB ASPECT - Enterprise v…

CVSS: 8.2 CWE: CWE-328 - Use of Weak Hash View on NVD

High

CVE-2024-48846

Cross Site Request Forgery vulnerabilities where found providing a potiential for exposing sensitive information or changing system settings. Affected products: ABB ASPECT - Enterprise v3.08.02;…

CVSS: 7.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD

Critical

CVE-2024-48845

Weak Password Reset Rules vulnerabilities where found providing a potiential for the storage of weak passwords that could facilitate unauthorized admin/application access. Affected products: ABB…

CVSS: 9.4 CWE: CWE-521 - Weak Password Requirements View on NVD

High

CVE-2024-48844

Denial of Service vulnerabilities where found providing a potiential for device service disruptions. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.…

CVSS: 7.7 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD

High

CVE-2024-48843

Denial of Service vulnerabilities where found providing a potiential for device service disruptions. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.…

CVSS: 7.7 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD

Critical

CVE-2024-48840

Unauthorized Access vulnerabilities allow Remote Code Execution. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CVSS: 10.0 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD

Critical

CVE-2024-48839

Improper Input Validation vulnerability allows Remote Code Execution. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CVSS: 10.0 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD

Critical

CVE-2024-11317

Session Fixation vulnerabilities allow an attacker to fix a users session identifier before login providing an opportunity for session takeover on a product. Affected products: ABB ASPECT - Enterp…

CVSS: 10.0 CWE: CWE-384 - Session Fixation View on NVD

High

CVE-2024-11316

Fileszie Check vulnerabilities allow a malicious user to bypass size limits or overload to the product. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series…

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD

2024-11-14

High

CVE-2024-5082

A Remote Code Execution vulnerability has been discovered in Sonatype Nexus Repository 2. This issue affects Nexus Repository 2 OSS/Pro versions up to and including 2.15.1.

CVSS: 7.1 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD

Medium

CVE-2024-5083

A stored Cross-site Scripting vulnerability has been discovered in Sonatype Nexus Repository 2 This issue affects Nexus Repository 2 OSS/Pro versions up to and including 2.15.1.

CVSS: 5.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2024-11-06

High

CVE-2024-20536

A vulnerability in a REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with read-only privileges to…

CVSS: 8.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD

Medium

CVE-2024-20371

A vulnerability in the access control list (ACL) programming of Cisco Nexus 3550-F Switches could allow an unauthenticated, remote attacker to send traffic that should be blocked to the management in…

CVSS: 5.3 CWE: CWE-264 View on NVD

2024-10-23

Medium

CVE-2024-5764

Use of Hard-coded Credentials vulnerability in Sonatype Nexus Repository has been discovered in the code responsible for encrypting any secrets stored in the Nexus Repository configuration database (…

CVSS: 6.5 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD

2024-10-02

Medium

CVE-2024-20491

A vulnerability in a logging function of Cisco Nexus Dashboard Insights could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because…

CVSS: 6.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD

Medium

CVE-2024-20490

A vulnerability in a logging function of Cisco Nexus Dashboard Fabric Controller (NDFC) and Cisco Nexus Dashboard Orchestrator (NDO) could allow an attacker with access to a tech support file to view…

CVSS: 6.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD

High

CVE-2024-20449

A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with low privileges to execute arbitrary code on an affected device. This vulnerabil…

CVSS: 8.8 CWE: CWE-23 - Relative Path Traversal View on NVD

Medium

CVE-2024-20448

A vulnerability in the Cisco Nexus Dashboard Fabric Controller (NDFC) software, formerly Cisco Data Center Network Manager (DCNM), could allow an attacker with access to a backup file to view sensiti…

CVSS: 6.3 CWE: CWE-313 - Cleartext Storage in a File or on Disk View on NVD

Medium

CVE-2024-20444

A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC), formerly Cisco Data Center Network Manager (DCNM), could allow an authenticated, remote attacker with network-admin privileges to pe…

CVSS: 5.5 CWE: CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') View on NVD

Medium

CVE-2024-20442

A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an affected device. Thi…

CVSS: 5.4 CWE: CWE-862 - Missing Authorization View on NVD

Critical

CVE-2024-20432

A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to perform a command injection attack agains…

CVSS: 9.9 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD

Medium

CVE-2024-20385

A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard Orchestrator (NDO) could allow an unauthenticated, remote attacker to intercept sensitive information from an affected device.&n…

CVSS: 5.9 CWE: CWE-295 - Improper Certificate Validation View on NVD

2024-08-28

Medium

CVE-2024-20286

A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underly…

CVSS: 5.3 CWE: CWE-693 - Protection Mechanism Failure View on NVD

Medium

CVE-2024-20285

CVSS: 5.3 CWE: CWE-653 - Improper Isolation or Compartmentalization View on NVD

Medium

CVE-2024-20284

CVSS: 5.3 CWE: CWE-693 - Protection Mechanism Failure View on NVD

2024-07-05

Critical

CVE-2024-6298

Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker to execute arbitrary code remotely

CVSS: 10.0 CWE: CWE-1287 - Improper Validation of Specified Type of Input View on NVD

Critical

CVE-2024-6209

Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker to access files unauthorized

CVSS: 10.0 CWE: CWE-552 - Files or Directories Accessible to External Parties View on NVD

2024-07-01

Medium

CVE-2024-20399

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated user in possession of Administrator credentials to execute arbitrary commands as root on the underlying operating syste…

CVSS: 6.0 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD

High

CVE-2024-4007

Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login to product instances wrongly configured.

CVSS: 8.8 CWE: CWE-1392 - Use of Default Credentials View on NVD

2024-06-07

Critical

CVE-2024-30163

Invision Community before 4.7.16 allow SQL injection via the applications/nexus/modules/front/store/store.php IPS\nexus\modules\front\store\_store::_categoryView() method, where user input passed thr…

CVSS: 9.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD

2024-05-16

High

CVE-2024-4956

Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1.

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD

2024-04-03

High

CVE-2024-20348

A vulnerability in the Out-of-Band (OOB) Plug and Play (PnP) feature of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to read arbitrary files. This…

CVSS: 7.5 CWE: CWE-27 - Path Traversal: 'dir/../../filename' View on NVD

Medium

CVE-2024-20302

A vulnerability in the tenant security implementation of Cisco Nexus Dashboard Orchestrator (NDO) could allow an authenticated, remote attacker to modify or delete tenant templates on an affected sys…

CVSS: 5.4 CWE: CWE-284 - Improper Access Control View on NVD

Medium

CVE-2024-20283

A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to learn cluster deployment information on an affected device. This vulnerability is due to improper access c…

CVSS: 4.3 CWE: CWE-284 - Improper Access Control View on NVD

Medium

CVE-2024-20282

A vulnerability in Cisco Nexus Dashboard could allow an authenticated, local attacker with valid rescue-user credentials to elevate privileges to root on an affected device. This vulnerability is…

CVSS: 6.0 CWE: CWE-269 - Improper Privilege Management View on NVD

High

CVE-2024-20281

A vulnerability in the web-based management interface of Cisco Nexus Dashboard and Cisco Nexus Dashboard hosted services could allow an unauthenticated, remote attacker to conduct a cross-site reques…

CVSS: 7.5 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD

2024-03-05

Medium

CVE-2022-48629

In the Linux kernel, the following vulnerability has been resolved: crypto: qcom-rng - ensure buffer for generate is completely filled The generate function in struct rng_alg expects that the desti…

CVSS: 5.5 CWE: N/A View on NVD

2024-02-29

Medium

CVE-2024-20291

A vulnerability in the access control list (ACL) programming for port channel subinterfaces of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remot…

CVSS: 5.8 CWE: CWE-284 - Improper Access Control View on NVD

2023-12-13

Medium

CVE-2023-50769

Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD

High

CVE-2023-50768

A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified cred…

CVSS: 8.8 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD

Medium

CVE-2023-50767

Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the respon…

CVSS: 5.4 CWE: CWE-862 - Missing Authorization View on NVD

High

CVE-2023-50766

A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response a…

CVSS: 8.8 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD