Sonatype Nexus

Anyone know if InsightVM/Nexpose scans for Sonatype Nexus vulnerabilities?

So the first place to start with these questions would be our Recurring Vulnerability documentation found here. Unfortunately I don’t see Nexus or Sonatype in general on the list. So this just means we don’t exclusively check for vulnerabilities on those systems.

However, this does not mean that some of our checks don’t inherently also include those types of systems. What you can do is go into a scan template and go to the vulnerability checks menu and expand out “By individual check”
[Screenshot: Screen Shot 2022-08-05 at 12.20.27 PM]

From there you can just do a check for “nexus” in your search criteria which will give you a ton of results for vulnerability checks where the description contains mention of Nexus. Take the one I have highlighted in my screenshot for example.
[Screenshot: Screen Shot 2022-08-05 at 12.22.24 PM]

If you click on that vulnerability title it will open a new page specifically for that vulnerability where you can see the full description which mentions Nexus products.
[Screenshot: Screen Shot 2022-08-05 at 12.24.01 PM]

I know this isn’t exactly the easiest method to go about finding these checks but long story short, the answer is yes. Some of our default checks would work against Nexus products.


This is great, thank you for the help!