QwikSec

Security Database

CVE

CWE

Training

CVE-2019-15588

Published: Nov 1, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

There is an OS Command Injection in Nexus Repository Manager <= 2.14.14 (bypass CVE-2019-5475) that could allow an attacker a Remote Code Execution (RCE). All instances using CommandLineExecutor.java with user-supplied data is vulnerable, such as the Yum Configuration Capability.

Vendor	Product	Versions
n/a	Nexus Repository Manager	affected `<= 2.14.14`

Weaknesses (CWE)

References

https://hackerone.com/reports/688270

x_refsource_MISC

https://support.sonatype.com/hc/en-us/articles/360033490774-CVE-2019-5475-Nexus-Repository-Manager-2-OS-Command-Injection-2019-08-09

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.