261 matches found
CVE-2023-51518 Apache James server: Privilege escalation via JMX pre-authentication deserialisation
Apache James prior to version 3.7.5 and 3.8.0 exposes a JMX endpoint on localhost subject to pre-authentication deserialisation of untrusted data. Given a deserialisation gadjet, this could be leveraged as part of an exploit chain that could result in privilege escalation. Note that by default JM...
CVE-2023-51518 Apache James server: Privilege escalation via JMX pre-authentication deserialisation
Apache James prior to version 3.7.5 and 3.8.0 exposes a JMX endpoint on localhost subject to pre-authentication deserialisation of untrusted data. Given a deserialisation gadjet, this could be leveraged as part of an exploit chain that could result in privilege escalation. Note that by default JM...
CVE-2023-51518
CVE-2023-51518 affects Apache James before 3.7.5 and 3.8.0, exposing a JMX endpoint on localhost that is vulnerable to pre-authentication deserialization. An attacker could leverage a deserialization gadget to achieve privilege escalation as part of an exploit chain; the endpoint is local by defa...
Apache James MIME4J 输入验证错误漏洞
Apache James MIME4J is a library of the American Apache Apache Foundation. It can be used to parse e-mail message streams in pure rfc822 and MIME formats and construct tree representations of e-mail messages. An input validation error vulnerability exists in Apache James MIME4J 0.8.9 and earlier...
Apache James Input Validation Error Vulnerability
Apache James is an open source Smtp and Pop3 mail transfer agent and Nntp news server from the Apache Foundation written entirely in Java. An input validation error vulnerability exists in Apache James versions prior to 3.8.1 and prior to 3.7.5, which stems from a difference in line separator...
Apache James 代码问题漏洞
Apache James is the United States Apache Apache Foundation of a completely written in Java open source Smtp and Pop3 mail transfer agent and Nntp news server . Apache James suffers from an elevation of privilege vulnerability caused by insecure deserialization in JMX endpoints. An attacker can...
PT-2024-14283 · Apache · Apache James
Name of the Vulnerable Software and Affected Versions: Apache James versions prior to 3.8.1 and 3.7.5 Description: A lenient behavior in line delimiter handling might create a difference of interpretation between the sender and the receiver, which can be exploited by an attacker to forge an SMTP...
PT-2024-14172 · Apache · Apache James
Name of the Vulnerable Software and Affected Versions: Apache James versions prior to 3.7.5 and 3.8.0 Description: The issue concerns the exposure of a JMX endpoint on localhost, which is subject to pre-authentication deserialisation of untrusted data. Given a deserialisation gadget, this could b...
Security Bulletin: IBM Sterling B2B Integrator is affected by sensitive information exposure due to Apache James MIME4J (CVE-2022-45787)
Summary IBM Sterling B2B Integrator uses Apache James MIME4J. Vulnerability Details CVEID: CVE-2022-45787 DESCRIPTION: Apache James MIME4J could allow a local authenticated attacker to obtain sensitive information, caused by improper laxist permissions on the temporary files. By sending a...
Security Bulletin: Data Replication on Cloud Pak for Data vulnerabile to Apache James MIME4J vulnerability
Summary A vulnerability in Apache James MIME4J is addressed. Vulnerability Details CVEID:CVE-2022-45787 DESCRIPTION: Apache James MIME4J could allow a local authenticated attacker to obtain sensitive information, caused by improper laxist permissions on the temporary files. By sending a...
Security Bulletin: IBM Spectrum Control is vulnerable to weaknesse related to IBM WebSphere Application Server Liberty
Summary Vulnerability in IBM WebSphere Application Server Liberty such as denial of service, gaining elevated privileges may affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2023-28867 DESCRIPTION: GraphQL Java is vulnerable to a denial of service, caused by a stack-based buffer...
Security Bulletin: IBM Cognos Analytics is affected but not classified as vulnerable to vulnerabilities in IBM Websphere Application Server Liberty
Summary IBM Cognos Analytics is affected but not classified as vulnerable to vulnerabilities in IBM Websphere Application Server Liberty as the vulnerable features are not enabled see References below. IBM Cognos Analytics has upgraded to an non-affected version of IBM Websphere Application Serve...
Security Bulletin: IBM Match 360 is vulnerable to information disclosure due to Apache James MIME4J within IBM WebSphere Application Server Liberty (CVE-2022-45787)
Summary There is a vulnerability in the Apache James MIME4J library used by IBM WebSphere Application Server Liberty when the feature restfulWS-3.0 is enabled. This has been addressed. Vulnerability Details CVEID:CVE-2022-45787 DESCRIPTION: Apache James MIME4J could allow a local authenticated...
Security Bulletin: Multiple security vulnerabilities affecting Watson Knowledge Catalog for IBM Cloud Pak for Data
Summary Multiple security vulnerabilities impacting Watson Knowledge Catalog for IBM Cloud Pak for Data. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-0842 DESCRIPTION: xml2js could allow a remote attacker to execute arbitrary code on the system, caused by a...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM Tivoli Netcool Impact (CVE-2022-45787)
Summary IBM WebSphere Application Server Liberty is shipped with IBM Tivoli Netcool Impact as part of its server infrastructure. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. Vulnerability Details...
Moderate: Red Hat Security Advisory: Red Hat build of Quarkus 2.13.8 release and security update
An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more information...
Important: Red Hat Security Advisory: Service Registry (container images) release and security update [2.4.3 GA]
An update to the images for Red Hat Integration - Service Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact...
apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider
A flaw was found in Apache James's Mime4j TempFileStorageProvider class, where it may set improper permissions when utilizing temporary files. This flaw allows a locally authorized attacker to access information outside their intended permissions...
RHEL 8 : Red Hat Single Sign-On 7.6.3 security update on RHEL 8 (Moderate) (RHSA-2023:2706)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2706 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...
RHEL 9 : Red Hat Single Sign-On 7.6.3 security update on RHEL 9 (Moderate) (RHSA-2023:2707)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2707 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...