Lucene search

K
cvelistApacheCVELIST:CVE-2017-12628
HistoryOct 20, 2017 - 3:00 p.m.

CVE-2017-12628

2017-10-2015:00:00
apache
www.cve.org

0.0004 Low

EPSS

Percentile

5.1%

The JMX server embedded in Apache James, also used by the command line client is exposed to a java de-serialization issue, and thus can be used to execute arbitrary commands. As James exposes JMX socket by default only on local-host, this vulnerability can only be used for privilege escalation. Release 3.0.1 upgrades the incriminated library.

CNA Affected

[
  {
    "product": "Apache James",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "status": "affected",
        "version": "3.0.0"
      }
    ]
  }
]

0.0004 Low

EPSS

Percentile

5.1%

Related for CVELIST:CVE-2017-12628