Lucene search

K
osvGoogleOSV:GHSA-XJ7Q-Q94C-6WR3
HistoryMay 17, 2022 - 12:25 a.m.

Apache James Privilege Escalation

2022-05-1700:25:34
Google
osv.dev
6

0.0004 Low

EPSS

Percentile

5.1%

The JMX server embedded in Apache James, also used by the command line client is exposed to a java de-serialization issue, and thus can be used to execute arbitrary commands. As James exposes JMX socket by default only on local-host, this vulnerability can only be used for privilege escalation. Release 3.0.1 upgrades the incriminated library.

0.0004 Low

EPSS

Percentile

5.1%

Related for OSV:GHSA-XJ7Q-Q94C-6WR3