nvd-json-data-feeds/CVE-2014/CVE-2014-07xx/CVE-2014-0792.json

{
  "id": "CVE-2014-0792",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2014-01-17T20:55:04.000",
  "lastModified": "2014-01-21T14:14:59.440",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers to create arbitrary objects and execute arbitrary code via unspecified vectors related to unmarshalling of unintended Object types."
    },
    {
      "lang": "es",
      "value": "Sonatype Nexus 1.x y 2.x anteriores a 2.7.1 permite a atacantes remotos crear objetos de forma arbitraria y ejecutar c\u00f3digo a trav\u00e9s de vectores no especificados relacionados con la resoluci\u00f3n de referencias de tipo de Objeto a los que no se deber\u00eda"
    }
  ],
  "metrics": {
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sonatype:nexus:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D91A8DD-C3B2-4258-9A83-F85FD9CA5AEA"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sonatype:nexus:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC255313-6743-4318-9400-533551A97904"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sonatype:nexus:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DFA8904-FD47-4CF0-9D8A-6E4E8D5147D6"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sonatype:nexus:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "15C5954F-7899-499F-ACA1-C34365CEDEC1"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sonatype:nexus:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DB5988E-B354-4F8D-91AC-39161995269B"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sonatype:nexus:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "468BCA4D-FBFF-4ECF-B925-6C4BECE509E5"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sonatype:nexus:2.0.4:1:*:*:*:*:*:*",
              "matchCriteriaId": "9204166D-4460-408D-B1D8-DEC0DA19DA5B"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sonatype:nexus:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC3B79A2-55D4-44C2-982B-08C23AD64710"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sonatype:nexus:2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5A1C46A-7C6B-430F-945D-968ABBCE1348"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sonatype:nexus:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8947E3F8-89CC-4919-8116-605D98FA8B80"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sonatype:nexus:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FF73EAB-D7D9-4C9F-9BBF-459FA70D6C62"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sonatype:nexus:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FE7B4CF-0FA2-42A4-86A2-D2A101358994"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sonatype:nexus:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A83DA027-AE5D-4A19-BACE-FACD9859D4AE"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sonatype:nexus:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D92A3FC0-2D84-48CC-BC1D-3EDE7B08F097"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sonatype:nexus:2.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D007ADA9-CAA6-47E8-B135-E95E9FEC6D5B"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sonatype:nexus:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55F954B1-D301-401A-B6D4-12F10DE9CF36"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sonatype:nexus:2.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C21354A4-A877-4B84-B3BB-EE8EBC581DDF"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sonatype:nexus:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD592E54-D5D4-4CA3-A90A-5966049E501F"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sonatype:nexus:2.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "97DFC1CB-9855-4025-B956-5471DF55151A"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sonatype:nexus:2.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC6D39F4-2E88-4309-9A89-252950486EB2"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sonatype:nexus:2.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FFC19B9-F63C-4982-A0AC-29A2558B9F38"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sonatype:nexus:2.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0AC1A75-E88B-4EC5-88A5-01257C65BBF1"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sonatype:nexus:2.7.0:04:*:*:*:*:*:*",
              "matchCriteriaId": "9DC31CAA-CC78-419B-B59F-4E7B756E8B5F"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sonatype:nexus:2.7.0:05:*:*:*:*:*:*",
              "matchCriteriaId": "4494C42B-3ABE-4743-83F4-FF8DDCEB7A3A"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sonatype:nexus:2.7.0:06:*:*:*:*:*:*",
              "matchCriteriaId": "7975DE00-DFFD-4DF0-B971-FF5CE97C72B7"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://www.sonatype.org/advisories/archive/2014-01-13-Nexus",
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://sonatype.zendesk.com/entries/37551958-Configuring-Xstream-Whitelist",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://support.sonatype.com/entries/37828023-Nexus-Security-Vulnerability",
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ]
    }
  ]
}