Nexus Repository Manager (NXRM) is a software package repository management service developed by Sonatype. NXRM can be used as a private Maven server.

A vulnerability has been detected in some versions of Nexus Repository Manager, and no vulnerability fix is available. Unauthorized users can exploit this vulnerability by constructing specific requests that remotely execute Java code on the NXRM server.

Vulnerability description: CVE-2019-7238 Nexus Repository Manager 3 (Missing Access Controls and Remote Code Execution) - February 5th 2019

Policy: Command execution

Risk level: High

Impacted versions: Nexus Repository Manager OSS/Pro 3.6.2 to 3.14.0

Policy-based protection: Cloud Firewall provides virtual patches for this vulnerability. We recommend that you enable Intrusion Prevention to protect against it.
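To find which of your NXRM instances fall inside the impacted range stated above, the following added example (not part of the original advisory or of Sonatype's tooling) checks version strings from an asset inventory against 3.6.2 to 3.14.0 inclusive. The hostnames, the sample values, and the assumption that versions appear as `3.14.0-04` or inside a string such as `Nexus/3.14.0-04 (OSS)` are constructed for illustration.

```python
import re

# Impacted range as stated in the advisory (inclusive on both ends).
IMPACTED_MIN = (3, 6, 2)
IMPACTED_MAX = (3, 14, 0)

# Matches "3.14.0", "3.14.0-04", or a version embedded in a longer string.
# The build suffix ("-04") is ignored for the range comparison.
# Assumption: the inventory records versions in one of these shapes.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(?:-\d+)?(?![\d.])")


def parse_version(text):
    """Return (major, minor, patch) as ints, or None if no version is found."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    return tuple(int(g) for g in m.groups())


def is_impacted(text):
    """True or False for a parsed version, None when it cannot be parsed."""
    version = parse_version(text)
    if version is None:
        return None
    # Tuple comparison is numeric, so 3.10.0 sorts after 3.6.2.
    return IMPACTED_MIN <= version <= IMPACTED_MAX


def audit(inventory):
    """Map each host to 'impacted', 'not impacted', or 'unknown'."""
    labels = {True: "impacted", False: "not impacted", None: "unknown"}
    return {host: labels[is_impacted(raw)] for host, raw in inventory.items()}


# Constructed sample inventory (hostnames and values are illustrative).
SAMPLE_INVENTORY = {
    "repo-a.example.internal": "3.6.2-01",
    "repo-b.example.internal": "Nexus/3.14.0-04 (OSS)",
    "repo-c.example.internal": "3.15.0-01",
    "repo-d.example.internal": "3.6.1-02",
    "repo-e.example.internal": "2.14.9-01",
    "repo-f.example.internal": "unknown build",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` need a manual check; an unparseable version is not evidence that the instance is outside the range.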