Vulnerabilities > Jfrog > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-20 | CVE-2021-3860 | SQL Injection vulnerability in Jfrog Artifactory JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), is vulnerable to Blind SQL Injection by a low privileged authenticated user due to incomplete validation when performing an SQL query. | 8.8 |
| 2020-10-12 | CVE-2019-17444 | Weak Password Requirements vulnerability in Jfrog Artifactory Jfrog Artifactory uses default passwords (such as "password") for administrative accounts and does not require users to change them. | 7.5 |
| 2020-03-25 | CVE-2020-2165 | Insufficiently Protected Credentials vulnerability in Jfrog Artifactory Jenkins Artifactory Plugin 3.6.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. | 7.5 |
| 2019-04-16 | CVE-2018-19971 | Insufficient Verification of Data Authenticity vulnerability in Jfrog Artifactory 6.5.9 JFrog Artifactory Pro 6.5.9 has Incorrect Access Control. | 7.5 |
| 2019-04-11 | CVE-2019-9733 | Unspecified vulnerability in Jfrog Artifactory 6.7.3 An issue was discovered in JFrog Artifactory 6.7.3. | 7.5 |
| 2018-05-01 | CVE-2016-10036 | Unrestricted Upload of File with Dangerous Type vulnerability in Jfrog Artifactory Unrestricted file upload vulnerability in ui/artifact/upload in JFrog Artifactory before 4.16 allows remote attackers to (1) deploy an arbitrary servlet application and execute arbitrary code by uploading a war file or (2) possibly write to arbitrary files and cause a denial of service by uploading an HTML file. | 7.5 |
| 2016-12-09 | CVE-2016-6501 | Improper Input Validation vulnerability in Jfrog Artifactory JFrog Artifactory before 4.11 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning. | 7.5 |