Vulnerability Description
Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers to create arbitrary objects and execute arbitrary code via unspecified vectors related to unmarshalling of unintended Object types.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sonatype | Nexus | 1.0 |
Related Weaknesses (CWE)
References
- http://www.sonatype.org/advisories/archive/2014-01-13-NexusPatchVendor Advisory
- https://sonatype.zendesk.com/entries/37551958-Configuring-Xstream-Whitelist
- https://support.sonatype.com/entries/37828023-Nexus-Security-VulnerabilityPatchVendor Advisory
- http://www.sonatype.org/advisories/archive/2014-01-13-NexusPatchVendor Advisory
- https://sonatype.zendesk.com/entries/37551958-Configuring-Xstream-Whitelist
- https://support.sonatype.com/entries/37828023-Nexus-Security-VulnerabilityPatchVendor Advisory
FAQ
What is CVE-2014-0792?
CVE-2014-0792 is a vulnerability with a CVSS score of 7.5 (HIGH). Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers to create arbitrary objects and execute arbitrary code via unspecified vectors related to unmarshalling of unintended Object types.
How severe is CVE-2014-0792?
CVE-2014-0792 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-0792?
Check the references section above for vendor advisories and patch information. Affected products include: Sonatype Nexus.