Vulnerabilities > Apache > Archiva > 2.2.6

DATE CVE VULNERABILITY TITLE RISK
2022-11-15 CVE-2022-40308 Unspecified vulnerability in Apache Archiva
If anonymous read enabled, it's possible to read the database file directly without logging in.
network
low complexity
apache
7.5
7.5
2022-11-15 CVE-2022-40309 Unspecified vulnerability in Apache Archiva
Users with write permissions to a repository can delete arbitrary directories.
network
low complexity
apache
4.3
4.3
2022-05-25 CVE-2022-29405 Unspecified vulnerability in Apache Archiva
In Apache Archiva, any registered user can reset password for any users.
network
low complexity
apache
6.5
6.5