2 matches found
CVE-2023-51518
Apache James prior to version 3.7.5 and 3.8.0 exposes a JMX endpoint on localhost subject to pre-authentication deserialisation of untrusted data. Given a deserialisation gadget, this could be leveraged as part of an exploit chain that could result in privilege escalation. Note that by default JMX en...
CVE-2015-7611
Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary system commands via unspecified vectors.