CVE-2021-3860

Summary

JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), is vulnerable to Blind SQL Injection by a low privileged authenticated user due to incomplete validation when performing an SQL query.

Affected Software

VendorProductVersion RangeStatus
JFrogJFrog ArtifactoryJFrog Artifactory versions before 7.25.4 with E+ license < 7.25.4affected
JFrogJFrog ArtifactoryJFrog Artifactory versions before 6.23.30 with E+ license < 6.23.30affected

Weaknesses

  • CWE-89: CWE-89 SQL Injection

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References