262 matches found
RHEL 7 : Red Hat Single Sign-On 7.6.3 security update on RHEL 7 (Moderate) (RHSA-2023:2705)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2705 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...
apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider
A flaw was found in Apache James's Mime4j TempFileStorageProvider class, where it may set improper permissions when utilizing temporary files. This flaw allows a locally authorized attacker to access information outside their intended permissions...
Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.3 security update on RHEL 8
New Red Hat Single Sign-On 7.6.3 packages are now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider
A flaw was found in Apache James's Mime4j TempFileStorageProvider class, where it may set improper permissions when utilizing temporary files. This flaw allows a locally authorized attacker to access information outside their intended permissions...
Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.3 security update on RHEL 9
New Red Hat Single Sign-On 7.6.3 packages are now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider
A flaw was found in Apache James's Mime4j TempFileStorageProvider class, where it may set improper permissions when utilizing temporary files. This flaw allows a locally authorized attacker to access information outside their intended permissions...
Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.3 security update on RHEL 7
New Red Hat Single Sign-On 7.6.3 packages are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Security Bulletin: IBM PowerVM Novalink is vulnerable because Apache James MIME4J could allow a local authenticated attacker to obtain sensitive information, caused by improper laxist permissions on the temporary files. (CVE-2022-45787)
Summary IBM PowerVM Novalink is vulnerable because Apache James MIME4J could allow a local authenticated attacker to obtain sensitive information, caused by improper laxist permissions on the temporary files. By sending a specially-crafted request, an attacker could exploit this vulnerability to...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Apache James MIME4J
Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Apache James MIME4J. Vulnerability Details CVEID:CVE-2022-45787 DESCRIPTION: Apache James MIME4J could allow a local authenticated attacker to obtain sensitive information, caused by improper laxist...
Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server is vulnerable to Apache James MIME4J library - CVE-2022-45787
Summary Vulnerability in the Apache James MIME4J library used by IBM WebSphere Application Server Liberty when the feature restfulWS-3.0 is enabled. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Jazz Foundation, IB...
Apache James Elevation of Privilege Vulnerability
Apache James is the United States Apache Apache Foundation of a completely written in Java open source Smtp and Pop3 mail transfer agent and Nntp news server . An elevation of privilege vulnerability exists in Apache James 3.7.3 and earlier versions, which stems from the default provisioning of J...
org.apache.james.examples:custom-james-assembly (>=3.7.0 <=3.7.3), org.apache.james.examples:custom-mailets (>=3.6.0 <=3.7.3) +141 more potentially affected by CVE-2023-26269 via org.apache.james:javax-mail-extension (>=3.1.0 <=3.7.3)
org.apache.james:javax-mail-extension MAVEN version =3.1.0, =3.7.0, =3.6.0, =3.7.0, =3.7.0, =3.4.0, =3.4.0, =3.6.0, =3.1.0, =3.1.0, =3.7.0, =3.4.0, =3.1.0, =3.1.0, =3.7.0, =3.7.3 and more Source cves: CVE-2023-26269 Source advisory: OSV:GHSA-W7R6-V4J7-H94Whttps://vulners.com/osv/OSV:GHSA-W7R6-V4J...
GHSA-W7R6-V4J7-H94W Apache James server's JMX management service vulnerable to privilege escalation by local user
Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward will set up a JMX...
CVE-2023-26269
Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward will set up a JMX...
Authentication flaw
Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward will set up a JMX...
CVE-2023-26269 Apache James server: Privilege escalation through unauthenticated JMX
Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward will set up a JMX...
CVE-2023-26269
Summary: CVE-2023-26269 affects Apache James Server 3.7.3 and earlier, where a default unauthenticated JMX management interface enables local privilege escalation when a local user connects to JMX. The root cause is an unprotected JMX service by default; exploitation leads to compromise of the Ja...
CVE-2023-26269 Apache James server: Privilege escalation through unauthenticated JMX
Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward will set up a JMX...
Apache James 安全漏洞
Apache James is the United States Apache Apache Foundation of a completely written in Java open source Smtp and Pop3 mail transfer agent and Nntp news server . An elevation of privilege vulnerability exists in Apache James 3.7.3 and earlier versions, which stems from the default provisioning of J...
PT-2023-20578 · Apache · Apache James Server
Name of the Vulnerable Software and Affected Versions: Apache James server versions 3.7.3 and earlier Description: The issue allows privilege escalation by a malicious local user due to the JMX management service being provided without authentication by default. Administrators are advised to take...