SKumar1632984218
Contributor

Vulnerability Issue: CVE-2020-10199

Vulnerability: CVE-2020-10199

Sonatype Nexus Repository Manager 3.x < 3.21.2 RCE

Synopsis: The Nexus Repository Manager server running on the remote host is affected by a remote code execution vulnerability.

Description: The Sonatype Nexus Repository Manager server application running on the remote host is version 3.x prior to 3.21.2. It is, therefore, affected by a remote code execution vulnerability, which allows for an attacker with any type of account on NXRM to execute arbitrary code by crafting a malicious request to NXRM.

1 Reply
Anonymous
Not applicable

Hello,

I believe this vulnerability is related to the same issue as described in the Sonatype article below:

https://support.sonatype.com/hc/en-us/articles/360044882533-CVE-2020-10199-Nexus-Repository-Manager-3-Remote-Code-Execution-2020-03-31

and as per the recommendation:

"We are highly recommending all affected instances of NXRM be upgraded to NXRM 3.21.2 or later."

We do support Nexus 3.30 starting with Talend version 7.3.1, so please upgrade to avoid any issues.