CVE-2018-19971

Name: CVE-2018-19971
Creator: NVD / NIST
Published: 2019-04-16T19:29:00.317+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 3.03%

Last modified Jun 17, 2026

CVE-2018-19971 is a vulnerability of currently unknown severity. JFrog Artifactory Pro 6.5.9 has Incorrect Access Control.. EPSS estimates a 3.03% chance of exploitation in the next 30 days.

Description

JFrog Artifactory Pro 6.5.9 has Incorrect Access Control.

Metrics

EPSS Probability

3.03%

85.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-345

Affected Software

Vendor	Product	Versions
Jfrog	Artifactory	6.5.9

References

http://packetstormsecurity.com/files/152137/JFrog-Artifactory-Pro-6.5.9-Signature-Validation.htmlExploit, Third Party Advisory, VDB Entry
http://seclists.org/fulldisclosure/2019/Mar/34Exploit, Mailing List, Third Party Advisory
http://www.securityfocus.com/bid/107518Third Party Advisory, VDB Entry
https://bintray.com/jfrog/artifactory-pro/jfrog-artifactory-pro-zip/6.5.13#releaseProduct, Third Party Advisory
https://lists.openwall.net/full-disclosure/2019/03/19/3Exploit, Mailing List, Third Party Advisory
http://packetstormsecurity.com/files/152137/JFrog-Artifactory-Pro-6.5.9-Signature-Validation.htmlExploit, Third Party Advisory, VDB Entry
http://seclists.org/fulldisclosure/2019/Mar/34Exploit, Mailing List, Third Party Advisory
http://www.securityfocus.com/bid/107518Third Party Advisory, VDB Entry
https://bintray.com/jfrog/artifactory-pro/jfrog-artifactory-pro-zip/6.5.13#releaseProduct, Third Party Advisory
https://lists.openwall.net/full-disclosure/2019/03/19/3Exploit, Mailing List, Third Party Advisory

Timeline

Published: Apr 16, 2019
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-19971?

JFrog Artifactory Pro 6.5.9 has Incorrect Access Control.

How severe is CVE-2018-19971?

Severity scoring for CVE-2018-19971 is pending analysis. The EPSS model estimates a 3.03% probability of exploitation in the next 30 days.

How do I fix CVE-2018-19971?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-19971?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST