Vulnerabilities > Jfrog > Artifactory > 6.5.9

DATE CVE VULNERABILITY TITLE RISK
2020-10-12 CVE-2019-17444 Weak Password Requirements vulnerability in Jfrog Artifactory
Jfrog Artifactory uses default passwords (such as "password") for administrative accounts and does not require users to change them.
network
low complexity
jfrog CWE-521
critical
 9.8
9.8
2020-03-16 CVE-2019-19937 Missing Authorization vulnerability in Jfrog Artifactory
In JFrog Artifactory before 6.18, it is not possible to restrict either system or repository imports by any admin user in the enterprise, which can lead to "undesirable results."
network
low complexity
jfrog CWE-862
7.2
7.2
2020-01-23 CVE-2020-7931 Unspecified vulnerability in Jfrog Artifactory
In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template processing leads to remote code execution, e.g., by modifying a .ssh/authorized_keys file.
network
low complexity
jfrog
8.8
8.8
2019-04-16 CVE-2018-19971 Insufficient Verification of Data Authenticity vulnerability in Jfrog Artifactory 6.5.9
JFrog Artifactory Pro 6.5.9 has Incorrect Access Control.
network
low complexity
jfrog CWE-345
critical
 9.8
9.8