Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

apache james vulnerabilities and exploits

(subscribe to this query)
NA
CVE-2024-32656
Ant Media Server is live streaming engine software. A local privilege escalation vulnerability in present in versions 2.6.0 up to and including 2.8.2 allows any unprivileged operating system user account to escalate privileges to the root user account on the system. This vulnerab...
NA
CVE-2024-21742
Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an malicious user to add unintended headers to MIME messages.
NA
CVE-2023-51747
Apache James prior to versions 3.8.1 and 3.7.5 is vulnerable to SMTP smuggling. A lenient behaviour in line delimiter handling might create a difference of interpretation between the sender and the receiver which can be exploited by an malicious user to forge an SMTP envelop, all...
NA
CVE-2023-51518
Apache James prior to version 3.7.5 and 3.8.0 exposes a JMX endpoint on localhost subject to pre-authentication deserialisation of untrusted data. Given a deserialisation gadjet, this could be leveraged as part of an exploit chain that could result in privilege escalation. Note t...
9.8
CVSSv3
CVE-2023-38035
A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an malicious user to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.
Ivanti Mobileiron Sentry
7.8
CVSSv3
CVE-2023-26269
Apache James server version 3.7.3 and previous versions provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 on...
Apache James
5.5
CVSSv3
CVE-2022-45787
Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions. We recommend users to upgrade to MIME4j version 0.8.9 or lat...
Apache James
5.5
CVSSv3
CVE-2022-45935
Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components includes the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.2 a...
Apache James
8.1
CVSSv3
CVE-2022-40674
libexpat prior to 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
Libexpat Project LibexpatDebian Debian Linux 10.0Debian Debian Linux 11.0Fedoraproject Fedora 35Fedoraproject Fedora 36Fedoraproject Fedora 37
7.5
CVSSv3
CVE-2022-28220
Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. Fix of CVE-2021-38542, which solved similar problem fron Apache James 3.6.1, is subject to a parser differential and do not take into account concurrent r...
Apache James 3.7.0Apache James
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversalCVE-2024-26978CVE-2024-26982wirelessCVE-2023-6949CVE-2024-26980CVE-2024-32766CVE-2024-26939cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook