CVE-2021-42568
4.3 MEDIUMSonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers to access the SSL Certificates Loading function via a low-privilege...
Published: 2021-11-02 · Last updated: 2026-06-17
Severity and scoring
- CVSS
- 4.3 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected products
| Vendor | Product |
|---|---|
| sonatype | nexus_repository_manager |
Description
Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers to access the SSL Certificates Loading function via a low-privileged account.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-42568
- [Vendor advisory]https://support.sonatype.com
- [Vendor advisory]https://support.sonatype.com/hc/en-us/articles/4408801690515-CVE-2021-42568-Nexus-Repository-Manager-3-Incorrect-Access-Control-October-27-2021
- [Vendor advisory]https://support.sonatype.com
- [Vendor advisory]https://support.sonatype.com/hc/en-us/articles/4408801690515-CVE-2021-42568-Nexus-Repository-Manager-3-Incorrect-Access-Control-October-27-2021
Related CVEs
Same vendor
- CVE-2021-40143 — Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection (8.2 HIGH)