CVE-2019-17444

EPSS 69.45%
Veröffentlicht 12.10.2020 22:15:15
Zuletzt bearbeitet 21.11.2024 04:32:20
Quelle psirt@paloaltonetworks.com
CVE-Watchlists
Login
Unerledigt
Login

JFrog Artifactory does not enforce default admin password change

Jfrog Artifactory uses default passwords (such as "password") for administrative accounts and does not require users to change them. This may allow unauthorized network-based attackers to completely compromise of Jfrog Artifactory. This issue affects Jfrog Artifactory versions prior to 6.17.0.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Jfrog ≫ Artifactory SwPlatform- Version < 6.17.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	69.45%	0.993

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
psirt@paloaltonetworks.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-521 Weak Password Requirements

The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.

https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes

Vendor Advisory

Release Notes

https://www.jfrog.com/confluence/display/JFROG/JFrog+Artifactory

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-17444

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-17444

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-17444

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2019-17444