CVE-2014-0792

Published Jan 17, 2014

Last updated a month ago

CVSS info 7.5

Overview

Description: Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers to create arbitrary objects and execute arbitrary code via unspecified vectors related to unmarshalling of unintended Object types.
Source: cve@mitre.org
NVD status: Deferred

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-94

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sonatype:nexus:1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9D91A8DD-C3B2-4258-9A83-F85FD9CA5AEA"
          },
          {
            "criteria": "cpe:2.3:a:sonatype:nexus:2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AC255313-6743-4318-9400-533551A97904"
          },
          {
            "criteria": "cpe:2.3:a:sonatype:nexus:2.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0DFA8904-FD47-4CF0-9D8A-6E4E8D5147D6"
          },
          {
            "criteria": "cpe:2.3:a:sonatype:nexus:2.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "15C5954F-7899-499F-ACA1-C34365CEDEC1"
          },
          {
            "criteria": "cpe:2.3:a:sonatype:nexus:2.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7DB5988E-B354-4F8D-91AC-39161995269B"
          },
          {
            "criteria": "cpe:2.3:a:sonatype:nexus:2.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "468BCA4D-FBFF-4ECF-B925-6C4BECE509E5"
          },
          {
            "criteria": "cpe:2.3:a:sonatype:nexus:2.0.4:1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9204166D-4460-408D-B1D8-DEC0DA19DA5B"
          },
          {
            "criteria": "cpe:2.3:a:sonatype:nexus:2.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EC3B79A2-55D4-44C2-982B-08C23AD64710"
          },
          {
            "criteria": "cpe:2.3:a:sonatype:nexus:2.0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F5A1C46A-7C6B-430F-945D-968ABBCE1348"
          },
          {
            "criteria": "cpe:2.3:a:sonatype:nexus:2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8947E3F8-89CC-4919-8116-605D98FA8B80"
          },
          {
            "criteria": "cpe:2.3:a:sonatype:nexus:2.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5FF73EAB-D7D9-4C9F-9BBF-459FA70D6C62"
          },
          {
            "criteria": "cpe:2.3:a:sonatype:nexus:2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1FE7B4CF-0FA2-42A4-86A2-D2A101358994"
          },
          {
            "criteria": "cpe:2.3:a:sonatype:nexus:2.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A83DA027-AE5D-4A19-BACE-FACD9859D4AE"
          },
          {
            "criteria": "cpe:2.3:a:sonatype:nexus:2.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D92A3FC0-2D84-48CC-BC1D-3EDE7B08F097"
          },
          {
            "criteria": "cpe:2.3:a:sonatype:nexus:2.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D007ADA9-CAA6-47E8-B135-E95E9FEC6D5B"
          },
          {
            "criteria": "cpe:2.3:a:sonatype:nexus:2.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "55F954B1-D301-401A-B6D4-12F10DE9CF36"
          },
          {
            "criteria": "cpe:2.3:a:sonatype:nexus:2.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C21354A4-A877-4B84-B3BB-EE8EBC581DDF"
          },
          {
            "criteria": "cpe:2.3:a:sonatype:nexus:2.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD592E54-D5D4-4CA3-A90A-5966049E501F"
          },
          {
            "criteria": "cpe:2.3:a:sonatype:nexus:2.6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "97DFC1CB-9855-4025-B956-5471DF55151A"
          },
          {
            "criteria": "cpe:2.3:a:sonatype:nexus:2.6.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BC6D39F4-2E88-4309-9A89-252950486EB2"
          },
          {
            "criteria": "cpe:2.3:a:sonatype:nexus:2.6.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4FFC19B9-F63C-4982-A0AC-29A2558B9F38"
          },
          {
            "criteria": "cpe:2.3:a:sonatype:nexus:2.7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B0AC1A75-E88B-4EC5-88A5-01257C65BBF1"
          },
          {
            "criteria": "cpe:2.3:a:sonatype:nexus:2.7.0:04:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9DC31CAA-CC78-419B-B59F-4E7B756E8B5F"
          },
          {
            "criteria": "cpe:2.3:a:sonatype:nexus:2.7.0:05:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4494C42B-3ABE-4743-83F4-FF8DDCEB7A3A"
          },
          {
            "criteria": "cpe:2.3:a:sonatype:nexus:2.7.0:06:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7975DE00-DFFD-4DF0-B971-FF5CE97C72B7"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References