Lucene search
K

261 matches found

OSV
OSV
added 2024/02/27 9:9 a.m.9 views

CVE-2023-51518 Apache James server: Privilege escalation via JMX pre-authentication deserialisation

Apache James prior to version 3.7.5 and 3.8.0 exposes a JMX endpoint on localhost subject to pre-authentication deserialisation of untrusted data. Given a deserialisation gadjet, this could be leveraged as part of an exploit chain that could result in privilege escalation. Note that by default JM...

9.8CVSS7.2AI score0.01189EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/02/27 9:9 a.m.9 views

CVE-2023-51518 Apache James server: Privilege escalation via JMX pre-authentication deserialisation

Apache James prior to version 3.7.5 and 3.8.0 exposes a JMX endpoint on localhost subject to pre-authentication deserialisation of untrusted data. Given a deserialisation gadjet, this could be leveraged as part of an exploit chain that could result in privilege escalation. Note that by default JM...

7.1AI score0.01189EPSS
Exploits0References1
CVE
CVE
added 2024/02/27 9:9 a.m.4133 views

CVE-2023-51518

CVE-2023-51518 affects Apache James before 3.7.5 and 3.8.0, exposing a JMX endpoint on localhost that is vulnerable to pre-authentication deserialization. An attacker could leverage a deserialization gadget to achieve privilege escalation as part of an exploit chain; the endpoint is local by defa...

9.8CVSS9.5AI score0.01189EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/02/27 12:0 a.m.4 views

Apache James MIME4J 输入验证错误漏洞

Apache James MIME4J is a library of the American Apache Apache Foundation. It can be used to parse e-mail message streams in pure rfc822 and MIME formats and construct tree representations of e-mail messages. An input validation error vulnerability exists in Apache James MIME4J 0.8.9 and earlier...

5.3CVSS6.8AI score0.01082EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/02/27 12:0 a.m.5 views

Apache James Input Validation Error Vulnerability

Apache James is an open source Smtp and Pop3 mail transfer agent and Nntp news server from the Apache Foundation written entirely in Java. An input validation error vulnerability exists in Apache James versions prior to 3.8.1 and prior to 3.7.5, which stems from a difference in line separator...

7.1CVSS6.8AI score0.01045EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/02/27 12:0 a.m.5 views

Apache James 代码问题漏洞

Apache James is the United States Apache Apache Foundation of a completely written in Java open source Smtp and Pop3 mail transfer agent and Nntp news server . Apache James suffers from an elevation of privilege vulnerability caused by insecure deserialization in JMX endpoints. An attacker can...

9.8CVSS7.4AI score0.01189EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/02/27 12:0 a.m.3 views

PT-2024-14283 · Apache · Apache James

Name of the Vulnerable Software and Affected Versions: Apache James versions prior to 3.8.1 and 3.7.5 Description: A lenient behavior in line delimiter handling might create a difference of interpretation between the sender and the receiver, which can be exploited by an attacker to forge an SMTP...

7.1CVSS6.8AI score0.01045EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2024/02/27 12:0 a.m.7 views

PT-2024-14172 · Apache · Apache James

Name of the Vulnerable Software and Affected Versions: Apache James versions prior to 3.7.5 and 3.8.0 Description: The issue concerns the exposure of a JMX endpoint on localhost, which is subject to pre-authentication deserialisation of untrusted data. Given a deserialisation gadget, this could b...

9.8CVSS9.3AI score0.01189EPSS
Exploits0References9
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/21 4:40 p.m.62 views

Security Bulletin: IBM Sterling B2B Integrator is affected by sensitive information exposure due to Apache James MIME4J (CVE-2022-45787)

Summary IBM Sterling B2B Integrator uses Apache James MIME4J. Vulnerability Details CVEID: CVE-2022-45787 DESCRIPTION: Apache James MIME4J could allow a local authenticated attacker to obtain sensitive information, caused by improper laxist permissions on the temporary files. By sending a...

5.5CVSS6.1AI score0.00271EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/08 12:47 p.m.22 views

Security Bulletin: Data Replication on Cloud Pak for Data vulnerabile to Apache James MIME4J vulnerability

Summary A vulnerability in Apache James MIME4J is addressed. Vulnerability Details CVEID:CVE-2022-45787 DESCRIPTION: Apache James MIME4J could allow a local authenticated attacker to obtain sensitive information, caused by improper laxist permissions on the temporary files. By sending a...

5.5CVSS5.9AI score0.00271EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/06 7:58 a.m.65 views

Security Bulletin: IBM Spectrum Control is vulnerable to weaknesse related to IBM WebSphere Application Server Liberty

Summary Vulnerability in IBM WebSphere Application Server Liberty such as denial of service, gaining elevated privileges may affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2023-28867 DESCRIPTION: GraphQL Java is vulnerable to a denial of service, caused by a stack-based buffer...

7.5CVSS6.9AI score0.01051EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/27 2:7 p.m.70 views

Security Bulletin: IBM Cognos Analytics is affected but not classified as vulnerable to vulnerabilities in IBM Websphere Application Server Liberty

Summary IBM Cognos Analytics is affected but not classified as vulnerable to vulnerabilities in IBM Websphere Application Server Liberty as the vulnerable features are not enabled see References below. IBM Cognos Analytics has upgraded to an non-affected version of IBM Websphere Application Serve...

9.8CVSS8.3AI score0.0193EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/05 7:9 p.m.23 views

Security Bulletin: IBM Match 360 is vulnerable to information disclosure due to Apache James MIME4J within IBM WebSphere Application Server Liberty (CVE-2022-45787)

Summary There is a vulnerability in the Apache James MIME4J library used by IBM WebSphere Application Server Liberty when the feature restfulWS-3.0 is enabled. This has been addressed. Vulnerability Details CVEID:CVE-2022-45787 DESCRIPTION: Apache James MIME4J could allow a local authenticated...

5.5CVSS5.9AI score0.00271EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/05 6:31 p.m.49 views

Security Bulletin: Multiple security vulnerabilities affecting Watson Knowledge Catalog for IBM Cloud Pak for Data

Summary Multiple security vulnerabilities impacting Watson Knowledge Catalog for IBM Cloud Pak for Data. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-0842 DESCRIPTION: xml2js could allow a remote attacker to execute arbitrary code on the system, caused by a...

9.8CVSS9.4AI score0.99615EPSS
Exploits21Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/30 6:22 a.m.24 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM Tivoli Netcool Impact (CVE-2022-45787)

Summary IBM WebSphere Application Server Liberty is shipped with IBM Tivoli Netcool Impact as part of its server infrastructure. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. Vulnerability Details...

5.5CVSS6AI score0.00271EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2023/06/29 11:9 a.m.63 views

Moderate: Red Hat Security Advisory: Red Hat build of Quarkus 2.13.8 release and security update

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more information...

9.8CVSS6.7AI score0.05796EPSS
Exploits1References39
RedHat Linux
RedHat Linux
added 2023/06/27 11:28 a.m.59 views

Important: Red Hat Security Advisory: Service Registry (container images) release and security update [2.4.3 GA]

An update to the images for Red Hat Integration - Service Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact...

9.8CVSS6.7AI score0.19653EPSS
Exploits3References10
RedHat Linux
RedHat Linux
added 2023/06/27 11:28 a.m.2 views

apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider

A flaw was found in Apache James's Mime4j TempFileStorageProvider class, where it may set improper permissions when utilizing temporary files. This flaw allows a locally authorized attacker to access information outside their intended permissions...

5.5CVSS7.1AI score0.00271EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/05/13 12:0 a.m.34 views

RHEL 8 : Red Hat Single Sign-On 7.6.3 security update on RHEL 8 (Moderate) (RHSA-2023:2706)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2706 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...

7.5CVSS7AI score0.02091EPSS
Exploits2References17
Tenable Nessus
Tenable Nessus
added 2023/05/13 12:0 a.m.86 views

RHEL 9 : Red Hat Single Sign-On 7.6.3 security update on RHEL 9 (Moderate) (RHSA-2023:2707)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2707 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...

7.5CVSS7AI score0.02091EPSS
Exploits2References17
Rows per page
Query Builder