CVE-2023-26269: Misconfigured JMX in Apache James
CVE-2023-26269: Misconfigured JMX in Apache James By default Apache James opens a JMXRMI service that listens on localhost, port 9999 Because the JMX is misconfigured to allow unauthenticated access, an attacker that has local access to the machine running James can use a “MLet attack” in order to load arbitrary MBeans and execute malicious Java code Because the a