Lucene search
ApacheCVELIST:CVE-2023-26269HistoryApr 03, 2023 - 7:59 a.m.
CVE-2023-26269 Apache James server: Privilege escalation through unauthenticated JMX
2023-04-0307:59:13
CWE-862
apache
www.cve.org
1
apache james server
privilege escalation
cve-2023-26269
jmx
authentication
administrators
guice users
0.0004 Low
EPSS
Percentile
5.1%
Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a
malicious local user.
Administrators are advised to disable JMX, or set up a JMX password.
Note that version 3.7.4 onward will set up a JMX password automatically for Guice users.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Apache James server",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "3.7.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
]Related
osv
osv
Apache James server's JMX management service vulnerable to privilege escalation by local user
2023-04-03 09:30:19
CVE-2023-26269
2023-04-03 08:15:07
Ant Media Server vulnerable to a local privilege escalation
2024-04-22 15:51:59
nvd
nvd
CVE-2023-26269
2023-04-03 08:15:07
CVE-2024-32656
2024-04-22 23:15:50
veracode
veracode
Privilege Escalation
2023-04-10 06:12:28
cve
cve
CVE-2023-26269
2023-04-03 08:15:07
CVE-2024-32656
2024-04-22 23:15:50
prion
prion
Authentication flaw
2023-04-03 08:15:00
cnvd
cnvd
Apache James Elevation of Privilege Vulnerability
2023-04-06 00:00:00
github
github
Apache James server's JMX management service vulnerable to privilege escalation by local user
2023-04-03 09:30:19
Ant Media Server vulnerable to a local privilege escalation
2024-04-22 15:51:59
cvelist
cvelist
CVE-2024-32656 Ant Media Server vulnerable to local privilege escalation
2024-04-22 22:16:52