Nexus Repository Manager (NXRM) is a software package repository management service developed by Sonatype. NXRM can be used as a private Maven server.
A vulnerability has been detected in some versions of Nexus Repository Manager, and no vulnerability fix is available. Unauthorized users can exploit this vulnerability by constructing specific requests that remotely execute Java code on the NXRM server.
Policy: Command execution
Risk level: High
Impacted versions: Nexus Repository Manager OSS/Pro 3.6.2 to 3.14.0
Policy-based protection: Cloud Firewall provides virtual patches for this vulnerability. We recommend that you enable Intrusion Prevention to block attempts to exploit it.
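To find which of your own NXRM servers fall inside the impacted range above, the following added example (not code from Sonatype or Cloud Firewall) triages an inventory of version strings. It assumes versions are recorded in the form `Nexus/3.14.0-04 (OSS)` or a bare `3.14.0-04`; the hostnames and versions in the sample are constructed.

```python
import re

# Impacted range as stated in this advisory (inclusive on both ends).
IMPACTED_MIN = (3, 6, 2)
IMPACTED_MAX = (3, 14, 0)

# Assumed version format: optional "Nexus/" prefix, x.y.z, optional "-build".
_VERSION_RE = re.compile(r"(?:Nexus/)?(\d+)\.(\d+)\.(\d+)(?:-\d+)?", re.I)


def parse_version(text):
    """Return (major, minor, patch), or None if no version can be parsed."""
    m = _VERSION_RE.search(text or "")
    if not m:
        return None
    return tuple(int(p) for p in m.group(1, 2, 3))


def is_impacted(text):
    """True/False for a parsed version, None when the version is unknown."""
    v = parse_version(text)
    if v is None:
        return None
    return IMPACTED_MIN <= v <= IMPACTED_MAX


def triage(inventory):
    """Map each host to 'impacted', 'not impacted' or 'unknown'."""
    labels = {True: "impacted", False: "not impacted", None: "unknown"}
    return {host: labels[is_impacted(ver)] for host, ver in inventory.items()}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "nexus-a.example.internal": "Nexus/3.6.2-01 (OSS)",
    "nexus-b.example.internal": "Nexus/3.14.0-04 (PRO)",
    "nexus-c.example.internal": "3.15.0-01",
    "nexus-d.example.internal": "Nexus/3.6.1-02 (OSS)",
    "nexus-e.example.internal": "",  # version never recorded
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` need a manual version check rather than being treated as safe.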