CVE-2014-0792

{"id": "CVE-2014-0792", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-01-17T20:55:04.000", "references": [{"url": "http://www.sonatype.org/advisories/archive/2014-01-13-Nexus", "tags": ["Patch", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://sonatype.zendesk.com/entries/37551958-Configuring-Xstream-Whitelist", "source": "[email protected]"}, {"url": "https://support.sonatype.com/entries/37828023-Nexus-Security-Vulnerability", "tags": ["Patch", "Vendor Advisory"], "source": "[email protected]"}, {"url": "http://www.sonatype.org/advisories/archive/2014-01-13-Nexus", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://sonatype.zendesk.com/entries/37551958-Configuring-Xstream-Whitelist", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.sonatype.com/entries/37828023-Nexus-Security-Vulnerability", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers to create arbitrary objects and execute arbitrary code via unspecified vectors related to unmarshalling of unintended Object types."}, {"lang": "es", "value": "Sonatype Nexus 1.x y 2.x anteriores a 2.7.1 permite a atacantes remotos crear objetos de forma arbitraria y ejecutar c\u00f3digo a trav\u00e9s de vectores no especificados relacionados con la resoluci\u00f3n de referencias de tipo de Objeto a los que no se deber\u00eda"}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sonatype:nexus:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D91A8DD-C3B2-4258-9A83-F85FD9CA5AEA"}, {"criteria": "cpe:2.3:a:sonatype:nexus:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC255313-6743-4318-9400-533551A97904"}, {"criteria": "cpe:2.3:a:sonatype:nexus:2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0DFA8904-FD47-4CF0-9D8A-6E4E8D5147D6"}, {"criteria": "cpe:2.3:a:sonatype:nexus:2.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15C5954F-7899-499F-ACA1-C34365CEDEC1"}, {"criteria": "cpe:2.3:a:sonatype:nexus:2.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7DB5988E-B354-4F8D-91AC-39161995269B"}, {"criteria": "cpe:2.3:a:sonatype:nexus:2.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "468BCA4D-FBFF-4ECF-B925-6C4BECE509E5"}, {"criteria": "cpe:2.3:a:sonatype:nexus:2.0.4:1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9204166D-4460-408D-B1D8-DEC0DA19DA5B"}, {"criteria": "cpe:2.3:a:sonatype:nexus:2.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC3B79A2-55D4-44C2-982B-08C23AD64710"}, {"criteria": "cpe:2.3:a:sonatype:nexus:2.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5A1C46A-7C6B-430F-945D-968ABBCE1348"}, {"criteria": "cpe:2.3:a:sonatype:nexus:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8947E3F8-89CC-4919-8116-605D98FA8B80"}, {"criteria": "cpe:2.3:a:sonatype:nexus:2.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FF73EAB-D7D9-4C9F-9BBF-459FA70D6C62"}, {"criteria": "cpe:2.3:a:sonatype:nexus:2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1FE7B4CF-0FA2-42A4-86A2-D2A101358994"}, {"criteria": "cpe:2.3:a:sonatype:nexus:2.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A83DA027-AE5D-4A19-BACE-FACD9859D4AE"}, {"criteria": "cpe:2.3:a:sonatype:nexus:2.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D92A3FC0-2D84-48CC-BC1D-3EDE7B08F097"}, {"criteria": "cpe:2.3:a:sonatype:nexus:2.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D007ADA9-CAA6-47E8-B135-E95E9FEC6D5B"}, {"criteria": "cpe:2.3:a:sonatype:nexus:2.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55F954B1-D301-401A-B6D4-12F10DE9CF36"}, {"criteria": "cpe:2.3:a:sonatype:nexus:2.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C21354A4-A877-4B84-B3BB-EE8EBC581DDF"}, {"criteria": "cpe:2.3:a:sonatype:nexus:2.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD592E54-D5D4-4CA3-A90A-5966049E501F"}, {"criteria": "cpe:2.3:a:sonatype:nexus:2.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97DFC1CB-9855-4025-B956-5471DF55151A"}, {"criteria": "cpe:2.3:a:sonatype:nexus:2.6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC6D39F4-2E88-4309-9A89-252950486EB2"}, {"criteria": "cpe:2.3:a:sonatype:nexus:2.6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4FFC19B9-F63C-4982-A0AC-29A2558B9F38"}, {"criteria": "cpe:2.3:a:sonatype:nexus:2.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0AC1A75-E88B-4EC5-88A5-01257C65BBF1"}, {"criteria": "cpe:2.3:a:sonatype:nexus:2.7.0:04:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9DC31CAA-CC78-419B-B59F-4E7B756E8B5F"}, {"criteria": "cpe:2.3:a:sonatype:nexus:2.7.0:05:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4494C42B-3ABE-4743-83F4-FF8DDCEB7A3A"}, {"criteria": "cpe:2.3:a:sonatype:nexus:2.7.0:06:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7975DE00-DFFD-4DF0-B971-FF5CE97C72B7"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}