CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-3860

JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), is vulnerable to Blind SQL Injection by a low privileged authenticated user due to incomplete validation when performing an SQL query.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 60.6%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.5

References

http://packetstormsecurity.com/files/177162/JFrog-Artifactory-SQL-Injection.html
https://www.jfrog.com/confluence/display/JFROG/CVE-2021-3860%3A+Artifactory+Low+Privileged+Blind+SQL+Injection
http://packetstormsecurity.com/files/177162/JFrog-Artifactory-SQL-Injection.html
https://www.jfrog.com/confluence/display/JFROG/CVE-2021-3860%3A+Artifactory+Low+Privileged+Blind+SQL+Injection

Products affected by CVE-2021-3860

Jfrog » Artifactory » Version: Any

cpe:2.3:a:jfrog:artifactory:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-3860

Products

Pricing

Contact Us