CVE-2015-7611

Apache James Server 2.3.2 with file-based user repositories is affected by CVE-2015-7611, a command-injection vulnerability that allows remote attackers to execute arbitrary system commands via insecure user-creation handling. The root cause is insufficient input validation during user creation, ...

CVE-2024-37358

Technical details about CVE-2024-37358 (affected software, impact, and fixes) are not provided in the connected documents. Monitor for updates.

CVE-2024-45626

CVE-2024-45626 affects Apache James server JMAP: the HTML-to-text conversion path can cause unbounded memory growth, leading to denial of service. Affected versions are those below 3.8.2 and 3.7.6. The recommended remediations are upgrades to 3.7.6, 3.8.2, or newer. The issue is caused by unbound...

CVE-2017-12628

CVE-2017-12628 : The JMX server embedded in Apache James is vulnerable to a Java deserialization issue in its JMX handling, enabling arbitrary command execution. The description notes this is limited to local escalation since JMX is bound to localhost by default, with the vendor upgrade to a fixe...