6 matches found
CVE-2022-45787
CVE-2022-45787 affects Apache James MIME4J (TempFileStorageProvider), which sets overly lax permissions on temporary files, potentially allowing a local authenticated attacker to disclose sensitive information to other local users. Affected versions: MIME4J 0.8.8 and earlier. Impact is information ...
CVE-2021-38542
CVE-2021-38542 concerns Apache James vulnerable to a buffering attack via STARTTLS. The core issue is in the handling of STARTTLS that could enable a MITM-related command injection and leakage of sensitive information. Multiple sources corroborate the STARTTLS-related buffering behavior and note ...
CVE-2021-40525
The CVE-2021-40525 path traversal affects Apache James Server, specifically the maildir mailbox store and Sieve file repository. The underlying issue allows reading/writing files due to delimiter handling during directory validation, enabling access to other users’ data stores when user names are...
CVE-2021-40110
CVE-2021-40110 affects Apache James prior to 3.6.1. A DoS can be triggered by an IMAP user crafting LIST commands that exploit a vulnerable regular expression; upgrading to Apache James 3.6.1 or higher enforces use of the RE2J regex engine, which executes in linear time, and mitigates the issue. The available...
CVE-2023-26269
CVE-2023-26269 affects Apache James Server 3.7.3 and earlier, where a default unauthenticated JMX management interface enables local privilege escalation when a local user connects to JMX. The root cause is an unprotected JMX service by default; exploitation leads to compromise of the Ja...
CVE-2021-40111
CVE-2021-40111 describes a DoS in Apache James where crafted IMAP APPEND and STATUS commands can trigger infinite loops in the IMAP parsing stack, causing high CPU load and OutOfMemory errors. Exploitation requires authentication and affects Apache James versions prior to 3.6.1. The issue was pat...