CVE-2019-15588

HIGH

Nexus Repository Manager <= 2.14.14 - OS Command Injection via CommandLineExecutor.java

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-15588. PoCs published by EXP-Docs.

AI-analyzed exploit summary: The repository lacks actual exploit code and instead redirects to an external link, which is a common tactic for suspicious or malicious repositories. The README is minimal and does not provide technical details about the vulnerability.

Description

There is an OS Command Injection in Nexus Repository Manager <= 2.14.14 (bypass of CVE-2019-5475) that could allow an attacker to achieve Remote Code Execution (RCE). All instances using CommandLineExecutor.java with user-supplied data are vulnerable, such as the Yum Configuration Capability.

Exploits (1)

nomisec SUSPICIOUS
by EXP-Docs · poc
https://github.com/EXP-Docs/CVE-2019-15588


Classification: Suspicious 90%
Attack Type: Other
Complexity: Theoretical
Reliability: Theoretical
Target: unknown
No auth needed
devstral-2 · analyzed Feb 18, 2026

References (2)

Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://hackerone.com/reports/688270

Scores

CVSS v3: 7.2
EPSS: 0.0560
EPSS Percentile: 91.9%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-77, CWE-78
Status: published
Products (1): sonatype/nexus_repository_manager < 2.14.14
Published: Nov 01, 2019
Tracked Since: Feb 18, 2026