Vulnerabilities > Jfrog > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-01-08 | CVE-2022-0668 | Improper Privilege Management vulnerability in Jfrog Artifactory JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Bypass, which can lead to Privilege Escalation when a specially crafted request is sent by an unauthenticated user. | 9.8 |
2020-10-12 | CVE-2019-17444 | Weak Password Requirements vulnerability in Jfrog Artifactory Jfrog Artifactory uses default passwords (such as "password") for administrative accounts and does not require users to change them. | 9.8 |
2019-04-16 | CVE-2018-19971 | Insufficient Verification of Data Authenticity vulnerability in Jfrog Artifactory 6.5.9 JFrog Artifactory Pro 6.5.9 has Incorrect Access Control. | 9.8 |
2019-04-11 | CVE-2019-9733 | Unspecified vulnerability in Jfrog Artifactory 6.7.3 An issue was discovered in JFrog Artifactory 6.7.3. | 9.8 |
2018-05-01 | CVE-2016-10036 | Unrestricted Upload of File with Dangerous Type vulnerability in Jfrog Artifactory Unrestricted file upload vulnerability in ui/artifact/upload in JFrog Artifactory before 4.16 allows remote attackers to (1) deploy an arbitrary servlet application and execute arbitrary code by uploading a war file or (2) possibly write to arbitrary files and cause a denial of service by uploading an HTML file. | 9.8 |
2016-12-09 | CVE-2016-6501 | Improper Input Validation vulnerability in Jfrog Artifactory JFrog Artifactory before 4.11 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning. | 9.8 |