CVE-2020-10199

HIGH KEV NUCLEI

Nexus Repository Manager Java EL Injection RCE

Title source: metasploit

Description

Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).

Exploits (10)

exploitdb WORKING POC VERIFIED
by 1F98D · python webapps java
https://www.exploit-db.com/exploits/49385
exploitdb WORKING POC VERIFIED
by Metasploit · ruby remote linux
https://www.exploit-db.com/exploits/48343
nomisec WORKING POC 43 stars
by zhzyker · remote-auth
https://github.com/zhzyker/CVE-2020-10199_POC-EXP
nomisec WORKING POC 35 stars
by jas502n · remote-auth
https://github.com/jas502n/CVE-2020-10199
nomisec WORKING POC 31 stars
by aleenzz · remote-auth
https://github.com/aleenzz/CVE-2020-10199
nomisec SCANNER 25 stars
by magicming200 · poc
https://github.com/magicming200/CVE-2020-10199_CVE-2020-10204
nomisec WORKING POC 19 stars
by wsfengfan · infoleak
https://github.com/wsfengfan/CVE-2020-10199-10204
nomisec WORKING POC
by finn79426 · remote-auth
https://github.com/finn79426/CVE-2020-10199
nomisec WORKING POC
by hugosg97 · remote-auth
https://github.com/hugosg97/CVE-2020-10199-Nexus-3.21.01
metasploit WORKING POC EXCELLENT
by Alvaro Muñoz, wvu · ruby poc linux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/nexus_repo_manager_el_injection.rb

Nuclei Templates (1)

Sonatype Nexus Repository Manager 3 - Remote Code Execution
HIGH by rootxharsh, iamnoooob, pdresearch
FOFA: title="nexus repository manager"

Scores

CVSS v3 8.8
EPSS 0.9438
EPSS Percentile 100.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2021-11-03
VulnCheck KEV 2021-11-03
InTheWild.io 2021-07-23
ENISA EUVD EUVD-2020-0379
CWE CWE-917
Status published
Products (2)
org.sonatype.nexus/nexus-extdirect 0 - 3.21.2 (Maven)
sonatype/nexus < 3.21.2
Published Apr 01, 2020
KEV Added Nov 03, 2021
Tracked Since Feb 18, 2026