Vulnerabilities > Jfrog > Artifactory > 3.5.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-23 | CVE-2021-41834 | Unspecified vulnerability in Jfrog Artifactory JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulnerable to Broken Access Control, the copy functionality can be used by a low-privileged user to read and copy any artifact that exists in the Artifactory deployment due to improper permissions validation. | 4.0 |
| 2020-10-12 | CVE-2019-17444 | Weak Password Requirements vulnerability in Jfrog Artifactory Jfrog Artifactory uses default passwords (such as "password") for administrative accounts and does not require users to change them. | 7.5 |
| 2020-03-16 | CVE-2019-19937 | Improper Input Validation vulnerability in Jfrog Artifactory In JFrog Artifactory before 6.18, it is not possible to restrict either system or repository imports by any admin user in the enterprise, which can lead to "undesirable results." | 6.5 |
| 2020-01-23 | CVE-2020-7931 | Unspecified vulnerability in Jfrog Artifactory In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template processing leads to remote code execution, e.g., by modifying a .ssh/authorized_keys file. | 6.5 |
| 2018-05-01 | CVE-2016-10036 | Unrestricted Upload of File with Dangerous Type vulnerability in Jfrog Artifactory Unrestricted file upload vulnerability in ui/artifact/upload in JFrog Artifactory before 4.16 allows remote attackers to (1) deploy an arbitrary servlet application and execute arbitrary code by uploading a war file or (2) possibly write to arbitrary files and cause a denial of service by uploading an HTML file. | 7.5 |
| 2016-12-09 | CVE-2016-6501 | Improper Input Validation vulnerability in Jfrog Artifactory JFrog Artifactory before 4.11 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning. | 7.5 |