Critical severity9.8NVD Advisory· Published Dec 9, 2016· Updated May 6, 2026

CVE-2016-6501

Description

JFrog Artifactory before 4.11 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning.

Affected products

Jfrog/Artifactory
cpe:2.3:a:jfrog:artifactory:*:*:*:*:*:*:*:*
Range: <=4.10

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.jfrog.com/confluence/display/RTF/Release+NotesnvdRelease NotesVendor Advisory
www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdfnvdNot Applicable
www.securityfocus.com/bid/94855nvd

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000