NotCVE - vendor:"Jfrog" product:"Artifactory" version:"6.5.9"

Page 2 of 17 results (0.005 seconds)

CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 0

CVE-2022-0573

https://notcve.org/view.php?id=CVE-2022-0573

16 May 2022 — JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Insecure Deserialization of untrusted data which can lead to DoS, Privilege Escalation and Remote Code Execution when a specially crafted request is sent by a low privileged authenticated user due to insufficient validation of a user-provided serialized object. JFrog Artifactory versiones anteriores a 7.36.1 y 6.23.41, es vulnerable a una Deserialización no Segura de datos no confiables que puede conllevar a DoS, Escalada de Privilegios y Ejecuci... • https://www.jfrog.com/confluence/display/JFROG/CVE-2022-0573%3A+Artifactory+Vulnerable+to+Deserialization+of+Untrusted+Data • CWE-502: Deserialization of Untrusted Data •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2021-45074

https://notcve.org/view.php?id=CVE-2021-45074

02 Mar 2022 — JFrog Artifactory before 7.29.3 and 6.23.38, is vulnerable to Broken Access Control, a low-privileged user is able to delete other known users OAuth token, which will force a reauthentication on an active session or in the next UI session. JFrog Artifactory versiones anteriores a 7.29.3 y 6.23.38, es vulnerable a Un Control de Acceso Roto, un usuario con poco privilegiado es capaz de borrar el token OAuth de otros usuarios conocidos, lo que forzará a una re-autenticación en una sesión activa o en la siguien... • https://www.jfrog.com/confluence/display/JFROG/CVE-2021-45074%3A+Artifactory+Broken+Access+Control+on+Delete+OAuth+Tokens • CWE-284: Improper Access Control •

CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 1

CVE-2021-3860 – JFrog Artifactory SQL Injection

https://notcve.org/view.php?id=CVE-2021-3860

20 Dec 2021 — JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), is vulnerable to Blind SQL Injection by a low privileged authenticated user due to incomplete validation when performing an SQL query. JFrog Artifactory versiones anteriores a 7.25.4 (sólo en las implementaciones Enterprise+), es vulnerable a una inyección SQL ciega por parte de un usuario autenticado con pocos privilegios debido a una comprobación incompleta cuando se lleva a cabo una consulta SQL JFrog Artifactory versions prior to 7.25.4 suf... • https://packetstorm.news/files/id/177162 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 5%CPEs: 1EXPL: 0

CVE-2019-17444 – JFrog Artifactory does not enforce default admin password change

https://notcve.org/view.php?id=CVE-2019-17444

12 Oct 2020 — Jfrog Artifactory uses default passwords (such as "password") for administrative accounts and does not require users to change them. This may allow unauthorized network-based attackers to completely compromise of Jfrog Artifactory. This issue affects Jfrog Artifactory versions prior to 6.17.0. Jfrog Artifactory usa contraseñas predeterminadas (tal y como "password") para las cuentas administrativas y no requiere que los usuarios las cambien. Esto puede permitir que atacantes basados ?? • https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes • CWE-521: Weak Password Requirements •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

CVE-2019-19937

https://notcve.org/view.php?id=CVE-2019-19937

16 Mar 2020 — In JFrog Artifactory before 6.18, it is not possible to restrict either system or repository imports by any admin user in the enterprise, which can lead to "undesirable results." En JFrog Artifactory versiones anteriores a 6.18, no es posible restringir tanto las importaciones del sistema como del repositorio por parte de cualquier usuario administrador en la empresa, lo que puede conllevar a "undesirable results." • https://www.jfrog.com/confluence/display/RTF6X/Importing+and+Exporting • CWE-862: Missing Authorization •

CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 2

CVE-2020-7931

https://notcve.org/view.php?id=CVE-2020-7931

23 Jan 2020 — In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template processing leads to remote code execution, e.g., by modifying a .ssh/authorized_keys file. Patches are available for various versions between 5.11.8 and 6.16.0. The issue exists because use of the DefaultObjectWrapper class makes certain Java functions accessible to a template. En JFrog Artifactory versiones 5.x y 6.x, el procesamiento no seguro de la plantilla FreeMarker conlleva a una ejecución de código remota, por ejemplo, mediante la modifi... • https://github.com/gquere/CVE-2020-7931 •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 4

CVE-2018-19971 – JFrog Artifactory Pro 6.5.9 Signature Validation

https://notcve.org/view.php?id=CVE-2018-19971

19 Mar 2019 — JFrog Artifactory Pro 6.5.9 has Incorrect Access Control. JFrog Artifactory Pro 6.5.9 tiene un control de acceso incorrecto. The SAML SSO addon in JFrog Artifactory version 6.5.9 does not properly validate the XML signature in the SAMLResponse field send to the URL /webapp/saml/loginResponse. An attacker can use this flaw to login as any user if they already can login as some user. • https://packetstorm.news/files/id/152137 • CWE-345: Insufficient Verification of Data Authenticity •

1 2