Vulnerabilities Without a CVE Impacting Artifactory

The following is a list of vulnerabilities that do not have a CVE that impacted Artifactory and have been fixed.

Description	Severity	Artifactory Fix Version
Updated `jackson-dataformats-binary`to version `2.12.3`.	High	7.21.3
Excluded the `Plexus-cipher` library.	Medium	7.21.3
Upgraded `om.nimbusds:oauth2-oidc-sdk:6.14` to 9.9.3.	High	7.21.3
Upgraded to `wiremock-jre8` version 2.28.0.	High	7.21.3
Upgraded `maven-shared-utils:3.2.1` to version 334.	Critical	7.21.3
Under certain circumstances, authenticated users were able to: Retrieve environment information from Artifactory that normally required administrative rights. Deploy binaries to Artifactory from different upstreams without having adequate permissions to perform these actions.	Critical	6.13.3, 6.14.4, 6.15.2, 6.16.2, 6.17.1, 6.18.1, 7.3.2
Under certain circumstances, users could gain access to application data that should otherwise be exposed only to administrators.	Critical	6.8.14, 6.9.3, 6.10.4
Under certain circumstances, an unauthorized user may be able to send malformed REST API calls to Artifactory that execute under the identity of another user.	Critical	5.6.8, 5.7.3, 5.8.12, 5.9.8, 5.10.5, 5.11.5 6.0.4, 6.1.4, 6.2.1, 6.3.4, 6.4.2, 6.5.9
A SAML-related authentication vulnerability potentially exposed Artifactory to XSW attacks which could sniff and manipulate SAML communications causing the incorrect verification of a SAML login response. This could potentially allow the attacker to gain access to any user in Artifactory.	High	6.5.13