8.8
CVE-2022-0573
- EPSS 5.92%
- Veröffentlicht 16.05.2022 15:15:08
- Zuletzt bearbeitet 21.11.2024 06:38:56
- Quelle reefs@jfrog.com
- CVE-Watchlists
- Unerledigt
LoginJFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Insecure Deserialization of untrusted data which can lead to DoS, Privilege Escalation and Remote Code Execution when a specially crafted request is sent by a low privileged authenticated user due to insufficient validation of a user-provided serialized object.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Jfrog ≫ Artifactory SwPlatform- Version >= 6.0.0 < 6.23.41
Jfrog ≫ Artifactory SwPlatform- Version >= 7.0.0 < 7.17.16
Jfrog ≫ Artifactory SwPlatform- Version >= 7.18.0 < 7.18.12
Jfrog ≫ Artifactory SwPlatform- Version >= 7.19.0 < 7.19.13
Jfrog ≫ Artifactory SwPlatform- Version >= 7.21.0 < 7.21.25
Jfrog ≫ Artifactory SwPlatform- Version >= 7.25.0 < 7.25.9
Jfrog ≫ Artifactory SwPlatform- Version >= 7.27.0 < 7.27.15
Jfrog ≫ Artifactory SwPlatform- Version >= 7.29.0 < 7.29.10
Jfrog ≫ Artifactory SwPlatform- Version >= 7.31.0 < 7.31.16
Jfrog ≫ Artifactory SwPlatform- Version >= 7.33.0 < 7.33.12
Jfrog ≫ Artifactory SwPlatform- Version >= 7.34.0 < 7.34.4
Jfrog ≫ Artifactory Version7.35.0 SwPlatform-
Jfrog ≫ Artifactory Version7.36.0 SwPlatform-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 5.92% | 0.904 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
| reefs@jfrog.com | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.