
Code Execution Flaw Found in Sonatype Nexus Repository Manager


A critical remote code execution vulnerability has been found and patched in Sonatype’s Nexus Repository Manager (NXRM), a popular open-source tool that allows developers to manage software components. The vendor released a patch on January 11, and on Thursday Trend Micro released technical details on how the vulnerability can be exploited. The flaw has been classified as “critical” (CVSS score of 10), and Trend Micro warns that because it doesn’t require authentication, it’s easier for malicious actors to exploit.

“However, as evidenced by vulnerabilities like CVE-2019-7238, such tools can also be susceptible to abuse,” Trend Micro warned. “This highlights the need for continuous monitoring in software development, which involves identifying vulnerabilities and making use of the latest threat intelligence against malware or exploits that take advantage of security flaws.”
