Sonatype Nexus Repository Manager OSS/Pro before 3.26.0 has Incorrect Access Control.

Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS (Issue 2 of 2).

Sonatype Nexus Repository Manager OSS/Pro version before 3.25.1 allows Remote Code Execution.

Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS (issue 1 of 2).

An issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.17 and 3.x before 3.22.1. Admin users can retrieve the LDAP server system username/password (as configured in nxrm) in cleartext.

An issue was discovered in Sonatype Nexus Repository Manager in versions 3.21.1 and 3.22.0. It is possible for a user with appropriate privileges to create, modify, and execute scripting tasks without use of the UI or API. NOTE: in 3.22.0, scripting is disabled by default (making this not exploitable).

Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control.

Sonatype Nexus Repository before 3.21.2 allows XSS.

Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3.19, and IQ Server before 72, has remote code execution.

Sonatype Nexus Repository Manager 2.x before 2.14.15 allows Remote Code Execution.