avoiding Nexus critical security vulnerabilities

I am using Nexus version 2.10.0-02 and I got "Caution Nexus Administrators" bloc when I log in as an admin. This bloc contains the 3 famous security vulnerabilities CVE-2014-9389, CVE-2014-2034 and CVE-2014-0792.

To avoid the first vulnerability, I upgraded nexus to the latest release 2.11.1-01, but, the problem persists.

For the second and the third one, I don't know if they are fixed or not. In fact, does the warning disappear from the admin dashboard if the problem is fixed?

Would someone, please, tell me what to do to fix these issues?

Solution

All of the CVE's you referenced are fixed in Nexus 2.11.1-01.

Nexus currently isn't able to filter the welcome message by point release (2.11.x), so it will remain visible even though you are now patched. You can safely ignore it now.

Cisco MSO/NDO API to add/remove staticport request using Postman
mvn deploy snapshot to nexus oss failed with return code 500 internal error
how can i use pip search with my own nexus pypi repo?
Detailed (download) statistics for artifacts of public repositories like maven.org
Sonatype Nexus menu option "Data Store" is not shown
Not able to access Nexus console on my Ubuntu VM instance in GCP
Setup custom cleanup for docker images in nexus repository
Nuget proxy via Nexus repository behind Nginx
Unable to install PYPI Package from Sonatype-Nexus in Docker container: "No matching distribution found"
Nexus & GraphQL: Root typing path for the type "context" does not exist
Sonatype Nexus database migration from H2 in EC2 to external PSQL
docker login on private nexus => Error response from daemon: login attempt to http://ip:port/v2/ failed with status: 404 Not Found
Append local date_time to a file name
How to tell maven to use a snapshot version? It tries to load x.y.z-SNAPSHOT but nexus has replaced -SNAPSHOT
Unable to create an object of the class from Maven type project
Getting "Blocked mirror for repositories" maven error even after adding mirrors
Polymorphism in Prisma Schema - Best practices?
How to set custom domain in Nexus Repo without port in URL
Searching an artifact on nexus
Get size of specific repository in Nexus 3
Nexus REST API query artifacts within a group
How to force Maven to use a specific repository (and only that)?
Nexus Repository: BLOB_UNKNOWN: blob unknown to registry
how to set pom.xml to download artifact from nexus remote repository
JDeveloper 12 unable to index GIT Repo provided by Nexus Repository Manager 3
How to debug 'npm ERR! 403 In most cases, you or one of your dependencies are requesting a package version that is forbidden by your security policy.'
Why does SBT resolve SNAPSHOT version?
Nexus to proxy a repository from a different nexus instance
Nexus: Unknown Task called "Storage facet cleanup"
Nexus raw repository vs maven repository