Apache James Server 2.3.2, when configured with file-based user repositories, allows malicious users to execute arbitrary system commands via unspecified vectors.
apache james server 2.3.2