Lucene search
K

262 matches found

Tenable Nessus
Tenable Nessus
added 2023/05/13 12:0 a.m.43 views

RHEL 7 : Red Hat Single Sign-On 7.6.3 security update on RHEL 7 (Moderate) (RHSA-2023:2705)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2705 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...

7.5CVSS7AI score0.02091EPSS
Exploits2References17
RedHat Linux
RedHat Linux
added 2023/05/10 11:59 a.m.5 views

apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider

A flaw was found in Apache James's Mime4j TempFileStorageProvider class, where it may set improper permissions when utilizing temporary files. This flaw allows a locally authorized attacker to access information outside their intended permissions...

5.5CVSS7.1AI score0.00271EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/05/10 11:25 a.m.30 views

Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.3 security update on RHEL 8

New Red Hat Single Sign-On 7.6.3 packages are now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.5CVSS6.8AI score0.02091EPSS
Exploits2References8
RedHat Linux
RedHat Linux
added 2023/05/10 11:25 a.m.5 views

apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider

A flaw was found in Apache James's Mime4j TempFileStorageProvider class, where it may set improper permissions when utilizing temporary files. This flaw allows a locally authorized attacker to access information outside their intended permissions...

5.5CVSS7.1AI score0.00271EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/05/10 11:25 a.m.45 views

Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.3 security update on RHEL 9

New Red Hat Single Sign-On 7.6.3 packages are now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.5CVSS6.8AI score0.02091EPSS
Exploits2References8
RedHat Linux
RedHat Linux
added 2023/05/10 11:25 a.m.4 views

apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider

A flaw was found in Apache James's Mime4j TempFileStorageProvider class, where it may set improper permissions when utilizing temporary files. This flaw allows a locally authorized attacker to access information outside their intended permissions...

5.5CVSS7.1AI score0.00271EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/05/10 11:25 a.m.84 views

Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.3 security update on RHEL 7

New Red Hat Single Sign-On 7.6.3 packages are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.5CVSS6.8AI score0.02091EPSS
Exploits2References8
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/05 1:19 p.m.21 views

Security Bulletin: IBM PowerVM Novalink is vulnerable because Apache James MIME4J could allow a local authenticated attacker to obtain sensitive information, caused by improper laxist permissions on the temporary files. (CVE-2022-45787)

Summary IBM PowerVM Novalink is vulnerable because Apache James MIME4J could allow a local authenticated attacker to obtain sensitive information, caused by improper laxist permissions on the temporary files. By sending a specially-crafted request, an attacker could exploit this vulnerability to...

5.5CVSS6.1AI score0.00271EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/02 9:50 p.m.37 views

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Apache James MIME4J

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Apache James MIME4J. Vulnerability Details CVEID:CVE-2022-45787 DESCRIPTION: Apache James MIME4J could allow a local authenticated attacker to obtain sensitive information, caused by improper laxist...

5.5CVSS5.9AI score0.00271EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/14 10:36 a.m.24 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server is vulnerable to Apache James MIME4J library - CVE-2022-45787

Summary Vulnerability in the Apache James MIME4J library used by IBM WebSphere Application Server Liberty when the feature restfulWS-3.0 is enabled. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Jazz Foundation, IB...

5.5CVSS6.2AI score0.00271EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2023/04/06 12:0 a.m.26 views

Apache James Elevation of Privilege Vulnerability

Apache James is the United States Apache Apache Foundation of a completely written in Java open source Smtp and Pop3 mail transfer agent and Nntp news server . An elevation of privilege vulnerability exists in Apache James 3.7.3 and earlier versions, which stems from the default provisioning of J...

7.8CVSS7.5AI score0.00654EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2023/04/03 9:30 a.m.16 views

org.apache.james.examples:custom-james-assembly (>=3.7.0 <=3.7.3), org.apache.james.examples:custom-mailets (>=3.6.0 <=3.7.3) +141 more potentially affected by CVE-2023-26269 via org.apache.james:javax-mail-extension (>=3.1.0 <=3.7.3)

org.apache.james:javax-mail-extension MAVEN version =3.1.0, =3.7.0, =3.6.0, =3.7.0, =3.7.0, =3.4.0, =3.4.0, =3.6.0, =3.1.0, =3.1.0, =3.7.0, =3.4.0, =3.1.0, =3.1.0, =3.7.0, =3.7.3 and more Source cves: CVE-2023-26269 Source advisory: OSV:GHSA-W7R6-V4J7-H94Whttps://vulners.com/osv/OSV:GHSA-W7R6-V4J...

7.8CVSS7.1AI score0.00654EPSS
Exploits0
OSV
OSV
added 2023/04/03 9:30 a.m.1 views

GHSA-W7R6-V4J7-H94W Apache James server's JMX management service vulnerable to privilege escalation by local user

Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward will set up a JMX...

7.8CVSS5.9AI score0.00654EPSS
Exploits0References4
NVD
NVD
added 2023/04/03 8:15 a.m.57 views

CVE-2023-26269

Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward will set up a JMX...

7.8CVSS7.9AI score0.00654EPSS
Exploits0References2
Prion
Prion
added 2023/04/03 8:15 a.m.17 views

Authentication flaw

Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward will set up a JMX...

4.3CVSS8AI score0.00654EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/04/03 7:59 a.m.46 views

CVE-2023-26269 Apache James server: Privilege escalation through unauthenticated JMX

Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward will set up a JMX...

8.1AI score0.00654EPSS
Exploits0References2
CVE
CVE
added 2023/04/03 7:59 a.m.77 views

CVE-2023-26269

Summary: CVE-2023-26269 affects Apache James Server 3.7.3 and earlier, where a default unauthenticated JMX management interface enables local privilege escalation when a local user connects to JMX. The root cause is an unprotected JMX service by default; exploitation leads to compromise of the Ja...

7.8CVSS7.8AI score0.00654EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/04/03 7:59 a.m.19 views

CVE-2023-26269 Apache James server: Privilege escalation through unauthenticated JMX

Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward will set up a JMX...

7.8CVSS7AI score0.00654EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/04/03 12:0 a.m.4 views

Apache James 安全漏洞

Apache James is the United States Apache Apache Foundation of a completely written in Java open source Smtp and Pop3 mail transfer agent and Nntp news server . An elevation of privilege vulnerability exists in Apache James 3.7.3 and earlier versions, which stems from the default provisioning of J...

7.8CVSS7.3AI score0.00654EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/04/03 12:0 a.m.4 views

PT-2023-20578 · Apache · Apache James Server

Name of the Vulnerable Software and Affected Versions: Apache James server versions 3.7.3 and earlier Description: The issue allows privilege escalation by a malicious local user due to the JMX management service being provided without authentication by default. Administrators are advised to take...

7.8CVSS7.8AI score0.00654EPSS
Exploits0References12
Rows per page
Query Builder