Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2018-19971

Published: 16/04/2019 Updated: 24/08/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Jfrog

Vulnerability Summary

JFrog Artifactory Pro 6.5.9 has Incorrect Access Control.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

jfrog artifactory 6.5.9

Exploits

Exploit DB: JFrog Artifactory Pro 6.5.9 Signature Validation
The SAML SSO addon in JFrog Artifactory version 659 does not properly validate the XML signature in the SAMLResponse field send to the URL /webapp/saml/loginResponse An attacker can use this flaw to login as any user if they already can login as some user ...

References

CWE-345https://lists.openwall.net/full-disclosure/2019/03/19/3https://bintray.com/jfrog/artifactory-pro/jfrog-artifactory-pro-zip/6.5.13#releasehttp://www.securityfocus.com/bid/107518http://seclists.org/fulldisclosure/2019/Mar/34http://packetstormsecurity.com/files/152137/JFrog-Artifactory-Pro-6.5.9-Signature-Validation.htmlhttps://nvd.nist.govhttps://packetstormsecurity.com/files/152137/JFrog-Artifactory-Pro-6.5.9-Signature-Validation.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32886insecure direct object referenceCVE-2024-34342file inclusionCVE-2024-34562CVE-2024-34347CVE-2024-26026CVE-2024-4647unprivileged
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook