14 matches found
CVE-2023-51747
Apache James SMTP server is affected in versions prior to 3.8.1 and 3.7.5. The root cause is lenient line-delimiter handling, which can enable SMTP smuggling by causing differences in interpretation between sender and receiver, potentially bypassing SPF checks. The fix enforces CRLF as the line d...
CVE-2023-51518
CVE-2023-51518 affects Apache James before 3.7.5 and 3.8.0, exposing a JMX endpoint on localhost that is vulnerable to pre-authentication deserialization. An attacker could leverage a deserialization gadget to achieve privilege escalation as part of an exploit chain; the endpoint is local by defa...
CVE-2022-45787
CVE-2022-45787 affects Apache James MIME4J (TempFileStorageProvider), which sets overly lax permissions on temporary files, potentially allowing a local authenticated attacker to disclose sensitive information to other local users. Affected versions: MIME4J 0.8.8 and earlier. Impact is information ...
CVE-2019-0228
CVE-2019-0228 affects Apache PDFBox 2.0.14, enabling an XML External Entity (XXE) attack via crafted XFDF. IBM advisories fix the vulnerability by upgrading IBM Operations Analytics - Log Analysis to version 1.3.7 (PDFBox handling) and Fedora advisories show a PDFBox update to 2.0.16. The vulnera...
CVE-2021-38542
CVE-2021-38542 concerns Apache James vulnerable to a buffering attack via STARTTLS. The core issue is in the handling of STARTTLS that could enable a MITM-related command injection and leakage of sensitive information. Multiple sources corroborate the STARTTLS-related buffering behavior and note ...
CVE-2022-22931
Apache James Server (prior to version 3.6.2) is affected by a path traversal vulnerability tied to CVE-2021-40525. The CVE-2022-22931 entry notes that the fix for CVE-2021-40525 does not prepend delimiters during valid directory validations, enabling a user to access other users’ data stores when...
CVE-2021-40525
The CVE-2021-40525 path traversal affects Apache James Server, specifically the maildir mailbox store and Sieve file repository. The underlying issue allows reading/writing files due to delimiter handling during directory validation, enabling access to other users’ data stores when user names are...
CVE-2022-45935
CVE-2022-45935 affects Apache James server (3.7.2 and earlier). The issue is insecure permissions on temporary files used by the server, enabling a local attacker to access private user data in transit. Affected components include the SMTP stack and the IMAP APPEND command. The published CVSSv3.1...
CVE-2021-40110
CVE-2021-40110 affects Apache James prior to 3.6.1. A DoS can be triggered by an IMAP user crafting LIST commands that exploit a vulnerable regular expression; upgrading to Apache James 3.6.1 or higher enforces the RE2J regex engine to execute in linear time and mitigates the issue. The available...
CVE-2022-28220
CVE-2022-28220 affects Apache James prior to release 3.6.3 and 3.7.1. The issue is a vulnerability in STARTTLS handling that enables a buffering attack. The root cause is related to a parser differential from CVE-2021-38542 and does not account for concurrent requests. The CVSS base score is 7.5 ...
CVE-2023-26269
CVE-2023-26269 affects Apache James Server 3.7.3 and earlier, where a default unauthenticated JMX management interface enables local privilege escalation when a local user connects to JMX. The root cause is an unprotected JMX service by default; exploitation leads to compromise of the Ja...
CVE-2021-40111
CVE-2021-40111 describes a DoS in Apache James where crafted IMAP APPEND and STATUS commands can trigger infinite loops in the IMAP parsing stack, causing high CPU load and OutOfMemory errors. Exploitation requires authentication and affects Apache James versions prior to 3.6.1. The issue was pat...
CVE-2004-2650
The CVE-2004-2650 entry concerns the Apache James spooler. Affected component: James 2.2.0 spooler retrieve function. Root cause: triggering various error conditions in the retrieve function can prevent a lock release, causing a memory leak and resulting in local-denial-of-service impact. The ava...
CVE-2006-2806
CVE-2006-2806: The SMTP server in Apache Java Mail Enterprise Server (Apache James) 2.2.0 is vulnerable to a denial-of-service via a long argument to the MAIL command, consuming CPU. No exploitation or remediation details are provided in the connected documents.