1. Home
  2. CVE Database
  3. CVE-2019-5475
HIGH · 8.8

CVE-2019-5475

The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability.

Vulnerability Description

The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability.

CVSS Score

8.8

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
SonatypeNexus Repository Manager>= 2.0, <= 2.14.9-01

Related Weaknesses (CWE)

CWE-78

References

FAQ

What is CVE-2019-5475?

CVE-2019-5475 is a vulnerability with a CVSS score of 8.8 (HIGH). The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability.

How severe is CVE-2019-5475?

CVE-2019-5475 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-5475?

Check the references section above for vendor advisories and patch information. Affected products include: Sonatype Nexus Repository Manager.