CVE-2021-3860

2021-12-2000:00:00

CWE-89

JFROG

www.cve.org

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.2%

JSON

JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), is vulnerable to Blind SQL Injection by a low privileged authenticated user due to incomplete validation when performing an SQL query.

CNA Affected

[
  {
    "vendor": "JFrog",
    "product": "JFrog Artifactory",
    "versions": [
      {
        "version": "JFrog Artifactory versions before 7.25.4 with E+ license",
        "status": "affected",
        "lessThan": "7.25.4",
        "versionType": "custom"
      },
      {
        "version": "JFrog Artifactory versions before 6.23.30 with E+ license",
        "status": "affected",
        "lessThan": "6.23.30",
        "versionType": "custom"
      }
    ]
  }
]