Skip to main content

Nexus Repository Manager CVE-2017-17717

CRITICAL
Use of a Broken or Risky Cryptographic Algorithm (CWE-327)
2017-12-17 cve@mitre.org
9.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 17, 2017 - 17:29 cve.org
CRITICAL 9.8

DescriptionCVE.org

Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP integration feature.

AnalysisAI

Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP integration feature. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-327. Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP integration feature. Affected products include: Sonatype Nexus Repository Manager. Version information: through 2.14.5.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2019-7238 CRITICAL POC
9.8 Mar 21

Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control. Rated critical severity (CVSS 9.8), this v

CVE-2019-5475 HIGH POC
8.8 Sep 03

The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.ja

CVE-2018-16621 HIGH POC
7.2 Nov 15

Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection. Rated high severity (CVSS 7.2),

CVE-2018-5307 MEDIUM POC
6.1 Feb 09

Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 2.x before 2.14.6 al

CVE-2018-5306 MEDIUM POC
6.1 Feb 09

Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 3.x before 3.8 allow

CVE-2019-9629 CRITICAL
9.8 Jul 08

Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed crede

CVE-2026-11403 HIGH
8.7 Jul 14

Improper API key generation in Sonatype Nexus Repository Manager lets a remote attacker impersonate a targeted user and

CVE-2026-3329 HIGH
8.7 Jun 11

Credential-guessing attacks against Sonatype Nexus Repository Manager are enabled by missing rate-limiting on authentica

CVE-2020-15012 HIGH
8.6 Oct 12

A Directory Traversal issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.19. Rated high severity

CVE-2020-15868 HIGH
7.5 Aug 12

Sonatype Nexus Repository Manager OSS/Pro before 3.26.0 has Incorrect Access Control. Rated high severity (CVSS 7.5), th

CVE-2019-9630 HIGH
7.5 Jul 08

Sonatype Nexus Repository Manager before 3.17.0 has a weak default of giving any unauthenticated user read permissions o

CVE-2018-16620 HIGH
7.5 Nov 15

Sonatype Nexus Repository Manager before 3.14 has Incorrect Access Control. Rated high severity (CVSS 7.5), this vulnera

Share

CVE-2017-17717 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy