Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Nexus Repository Manager Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) Vulnerability - CVE-2019-15588 - Vulnerability Database
Nexus Repository Manager

Nexus Repository Manager Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) Vulnerability - CVE-2019-15588

High
Reference: CVE-2019-15588
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2019-15588
Title: Nexus Repository Manager Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) Vulnerability
Overview:

There is an OS Command Injection in Nexus Repository Manager lt 2.14.14 (bypass CVE-2019-5475) that could allow an attacker a Remote Code Execution (RCE). All instances using CommandLineExecutor.java with user-supplied data is vulnerable such as the Yum Configuration Capability.