KEVIntel
CVSS 9.8 Critical

CVE-2019-7238

PUBLISHED

Exploited in the wild · Remote · Low complexity · No user interaction

Vendor: Sonatype
Product: Nexus Repository Manager
Published: Mar 21, 2019
EPSS

Description

Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.

cisa nuclei_scanner

CVSS scores

CVSS v3.1 9.8 Critical

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0 7.5

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitation status

Exploited in the wild

Recorded 2021-12-10 00:00:00 UTC

SSVC decision points

Exploitation: active
Automatable: Yes
Technical impact: total

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
CISA Dec 10, 2021
CISA Dec 10, 2021

Potential proof of concepts

These PoCs are unverified and could contain malware. Use at your own risk.

smallpiggy/CVE-2019-7238

github · Created 2021-05-20 14:03:10 UTC · 1 stars

RCE

magicming200/CVE-2019-7238_Nexus_RCE_Tool

github · Created 2020-01-10 09:19:10 UTC · 24 stars

Graphical one-click detection tool for the CVE-2019-7238 Nexus RCE vulnerability. CVE-2019-7238 Nexus RCE Vul POC Tool.

verctor/nexus_rce_CVE-2019-7238

github · Created 2019-07-26 16:08:40 UTC · 40 stars

Some debug notes and exploit (not blind)

jas502n/CVE-2019-7238

github · Created 2019-05-21 13:16:02 UTC · 82 stars

Nexus Repository Manager 3 Remote Code Execution without authentication < 3.15.0

mpgn/CVE-2019-7238

github · Created 2019-02-24 23:09:43 UTC · 150 stars

🐱‍💻 Poc of CVE-2019-7238 - Nexus Repository Manager 3 Remote Code Execution 🐱‍💻

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel

  • Added to KEVIntel

  • Detected by Nuclei