Vulnerabilities > Jfrog > Critical

DATE  CVE  VULNERABILITY TITLE  RISK

2023-01-08  CVE-2022-0668  Improper Privilege Management vulnerability in JFrog Artifactory  critical (9.8)
  JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Bypass, which can lead to Privilege Escalation when a specially crafted request is sent by an unauthenticated user.
  Attack vector: network; attack complexity: low; vendor: jfrog; CWE-269

2020-10-12  CVE-2019-17444  Weak Password Requirements vulnerability in JFrog Artifactory  critical (9.8)
  JFrog Artifactory uses default passwords (such as "password") for administrative accounts and does not require users to change them.
  Attack vector: network; attack complexity: low; vendor: jfrog; CWE-521

2019-04-16  CVE-2018-19971  Insufficient Verification of Data Authenticity vulnerability in JFrog Artifactory 6.5.9  critical (9.8)
  JFrog Artifactory Pro 6.5.9 has Incorrect Access Control.
  Attack vector: network; attack complexity: low; vendor: jfrog; CWE-345

2019-04-11  CVE-2019-9733  Unspecified vulnerability in JFrog Artifactory 6.7.3  critical (9.8)
  An issue was discovered in JFrog Artifactory 6.7.3.
  Attack vector: network; attack complexity: low; vendor: jfrog

2018-05-01  CVE-2016-10036  Unrestricted Upload of File with Dangerous Type vulnerability in JFrog Artifactory  critical (9.8)
  Unrestricted file upload vulnerability in ui/artifact/upload in JFrog Artifactory before 4.16 allows remote attackers to (1) deploy an arbitrary servlet application and execute arbitrary code by uploading a war file or (2) possibly write to arbitrary files and cause a denial of service by uploading an HTML file.
  Attack vector: network; attack complexity: low; vendor: jfrog; CWE-434

2016-12-09  CVE-2016-6501  Improper Input Validation vulnerability in JFrog Artifactory  critical (9.8)
  JFrog Artifactory before 4.11 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning.
  Attack vector: network; attack complexity: low; vendor: jfrog; CWE-20